State Department CIO: ‘If People Aren’t Laughing At You, Your Goals Aren’t Big Enough'

The State Department has all the challenges most federal agencies face at the moment—a surplus of legacy technology, cybersecurity concerns, adhering to evolving policies—with the added complexity of having bureaus and consulates around the world.

The man responsible for the State Department’s technological well-being is Chief Information Officer Frontis Wiggins, appointed in November after more than three decades with the agency. He now oversees approximately $1 billion worth of IT.

Almost immediately after his appointment, Wiggins made his public debut before the House Oversight and Government Reform Committee, answering for the State Department’s low grade in the FITARA scorecards released by Congress. Behind the scenes, though, Wiggins went to work, gathering feedback from senior leaders and management to create a 100-day plan, publishing a lengthy IT strategic plan and setting a tech agenda for the coming years.

Nextgov sat down with Wiggins last week to discuss his new role and how the State Department views IT today.

Nextgov: You’ve been CIO for a few months now. How’d you end up in that role and what have you been up to?

Frontis Wiggins: I was nominated in July and appointed in November. I’ve been with the department for 31 years. I’d started as an operations guy and worked my way up through the ranks and now I’m Senior Foreign Service. Our bureau, the Information Resource Management bureau, is in charge of infrastructure and support for domestic and overseas worldwide IT. IRM has responsibility for infrastructure modernization efforts and we host our partners’ apps and data centers and communications overseas.

Nextgov: When you were appointed CIO, you came up with a 100-day plan. How was it received and what did you learn?

Wiggins: Having worked my way up from the bottom of the barrel quite literally, the folks who know how to best address things are usually those who do them on a daily basis. While senior leaders can give you an idea of where to steer the ship, you’ve got to listen to folks who do it daily.

We pulled together senior managers and second- and third-level management and said, “Tell me what you’re hearing from folks and those who deal with customers on a daily basis,” and I’ll give you a broad vision of where IRM should go. I told them I needed to hear from them all on where they think our opportunities are for the biggest bang for the buck, and where areas of improvement are for IRM.

We came up with 37 tasks they wanted to execute in 100 days to push the bureau in the right direction—37 activities we wanted to get done. The plan had some deliverables within 100 days, and because we want to revolutionize how we do innovation, on some, we are not going to get there in 100 days, but we want the plan. Of those activities, right now, we have a dozen completed, 20-some in-flight and they all have a plan in place.

The biggest thing I learned was to listen to your people. They do have great input and it’s not all about top-down leadership; it’s a two-way street. And second, if people aren’t laughing at you, your goals aren’t big enough.

Nextgov: Are there any examples you can share of large changes that resulted from the plan?

Wiggins: We stood up the Cybersecurity Integrity Center as part of the 100-day plan. We wanted to stand up something that would be a one-stop shop for what happens if we get a cyber incident.

Nextgov: The IT strategic plan is a big deal. How is State looking at IT over the next few years?

Wiggins: One of the things we didn’t call out specifically this year was cyber because we believe that is part and parcel to all we do in IT. It’s something we should be doing every hour of every day.

One thing we did different this year was engaging in interviews with customer groups, asking what their concerns were regarding where IRM puts its focus. One area we focused on is innovative diplomacy. How can we help customers meet demands? We don’t do IT for the sake of IT; we’re a customer service organization.

Innovative diplomacy is IRM not working in a vacuum, but seeking the best of breed in or out of [the State Department], making sure we are giving folks tools they need to do their jobs. We’re creating a Customer Requirements Office, where the customer brings a need, and the CRO looks at whether we have it, can borrow it, lease it or get it through an existing contract.

In IT infrastructure, the idea is to push to cloud, mobile environments, look at segmentation of our networks and worry more about the data we have and less about the apps. We want to put data on the right IT platform, and as part of that, we’re doing an enterprise architecture—we haven’t had one in five years. We’ll have a security architecture that lays over top, and business platforms that lay over top of that.

We’re also focused on IT management. Under FITARA, the CIO’s office is responsible for all agency data, whether the CIO has visibility [to it] or not. In the past, before FITARA, there was the opportunity to procure IT services that didn’t have to go through the CIO’s office. Now, we’re trying to pull that together in collaborative fashion and give people the governance they need. The CIO’s office has to be with a capital “C,” not a lowercase “c.” But if you can’t meet customer needs, you can’t necessarily blame them for going out of the bounds of governance you have set up.

The last piece is the workforce. We have to make sure we’re hiring, recruiting, training and incentivizing IT folks so that we get the best and brightest. And we’re looking at demographics. We have a lot of [males] and not so many [females]. Over 50 percent of our current workforce are baby boomers, and millennials only make up 7-8 percent of our workforce—that’s hugely problematic.

Nextgov: You were one of several officials called to testify before Congress regarding State Department’s performance implementing FITARA. How have you taken those lessons to heart?

Wiggins: The lesson learned is never go on the Hill when you get a D-. [Laughs.] It was a good experience for me and opportunity to be transparent about where we are. You have to take your lumps, but it motivated me to come back here and work harder on this.

I expect our grade is going to go up at least one full letter grade [for the next scorecard], but we’re always subject to the grades we get. We’re in a better place with data center optimization, realizing $60 million in savings. This lit a fire under folks—not just me on the Hill [but] this is our organization being judged as a whole.

Nextgov: IT modernization is a big deal for most agencies, with many in government spending as much as 90 percent of their IT budget on legacy systems. How is State handling this problem? How much are you spending on legacy?

Wiggins: I’d say we are probably spending 60 to 70 percent on operations and maintenance. It’s a huge challenge and what I’ve told my folks is, if we go through budget austerity, which we’re anticipating, is that I don’t want them spending any more money on legacy systems than we need to.

We want people to focus on modernization—why pay for something that is only limping along?— and my folks have taken it to heart. We’re doing streamlined tablets with two-factor authentication built in, getting away from hard-wired desktops and going wireless. Modernization renders cybersecurity benefits; old legacy systems can be huge vulnerabilities.

Nextgov: A few agencies are looking to cloud, artificial intelligence and other next-gen technologies. Is State?

Wiggins: The short answer is yes. We’ve got an AI system to work on spear-phishing—we see spear-phishing as the biggest thorn in our side. That’s in pilot right now.

We want to transform our bureau and the Department of State into an IT leader and innovator within the federal government. In the past, IRM was a little parochial looking at things just within our own bureau and didn’t engage enough with our customers.

My vision is for IRM to be a customer service and customer-centric organization and run this place like a business. Act like you aren’t the only game in town, and if the decisions you make don’t make good business sense, we’re failing as an organization. We want to get folks to cloud, get them more mobile and do so in a secure environment. If we do that, then I going to think I’ve done my job effectively.