Password:
NASCIO: As the new president of NASCIO, what are your priorities for the coming program year?
Gillispie: I would like to continue to raise the profile of NASCIO by:
NASCIO: In an environment of increasing external threats as well as vulnerabilities created by more mobile workers and new technologies, what has been your major challenge with respect to IT security?
Gillispie: The all too familiar escalation of increasingly targeted social engineering attacks. Although government is not a direct target, the fall out ends up flowing through out systems. Recent increases of spam, viruses, worm, and spyware type e-mails have increased at the borders of the network 200-250% in the last 90 days. As a result, the amount of valid e-mail is decreasing in percentage but the amount slipping through the defenses is raising anxiety levels in end users. Defending the borders is a challenging task and add to it the "opportunity" space that mobility introduces into network defenses, taking simple steps such as education are increasingly important. I have read reports that this is war and the battles are fought every day at the borders. Insuring we have the attention to detail and teaching good practices in software development are area's where we continue to focus. Interestingly, your first line of defense against new threats in many cases is individual sitting at the computing device asking simple questions like "I don't know that person, I didn't expect this today, and why would someone send me off to a website for that?". Providing training and development for your first line of defense insures they practice safe computing. What is especially challenging is convincing decision makers that investment in education pays dividends that are difficult to describe.
NASCIO: Please describe some of the major IT projects and initiatives that your state plans to undertake over the next 1-3 years.
Gillispie: As more fully described in question 5 below, the implementation of the operating model here in Iowa has delivered challenges from a financial perspective that must be overcome. Fully developing an activity-based costing system and the resulting dynamic pricing model for our products so that we can respond to volume and expense changes is especially important. Building a trusted relationship with our customers, funding partners and decision makers is a key activity area for us. I have been long convinced that technology enables business and should be lead by business objectives. In Iowa we have built an IT governance model based upon business leadership; continuing the work from implementation of that model and strengthening its operation is very important. There are lots of technologies out there, but technology doesn't solve problems, people do - so insuring state government can attract talent and build strong operational capabilities is also a key area of focus. The bottom line is most of the key initiatives that IT has are driven by basic business demands: financial performance, planning and governance skills, and workforce development.
NASCIO: As CIO, what initiatives have you undertaken to promote cross-boundary collaboration and coordination with local governments in your state?
Gillispie: Iowa has developed a federation of city and county CIO's that has met on a somewhat regular basis over the last couple of years. The objective of the group is to create an open dialogue between the various levels of government, share ideas, talk about future initiatives, and most importantly, build relationships. Each level of government has its own accountabilities and responsibilities but we definitely do things that impact each other. In Iowa, much of the activity has been centered around emergency management, geographic information systems, and law enforcement. Developing relationships has taught us about all the other places we interface such as health care, aging, and environmental.
NASCIO: As CIO, how have you optimized your state's IT assets and delivery of services using a shared enterprise infrastructure model, especially as they relate to consolidation and shared services, and data center consolidation strategies and business justification?
Gillispie: Iowa state government has been operating its shared services IT function under a structure referred to as the entrepreneurial model. At its essence, this model requires that the shared services function should operate as a business and compete for departmental business. This forces the shared services function to operate in an efficient, effective manner with customer focus at its forefront. Although we continue to improve, I would say that the model adds dynamics, especially in the policy area, that are challenging as you are often perceived as making the rules, and then enforcing their implementation with a financial stake in the outcome. This adds stress that you would not find in a typical shared services operation. Adapting to this model has been fairly challenging. State government Iowa IT, in general, operates as a federated model and has done so for many years. Convincing departments that IT is either not a core competency or should not be a core competency requires consistent delivery, fair service costs, high quality product/service delivery, and a willingness to look at the total cost of operations, not just the appropriations. Developing a thorough knowledge of funding models assists with building a shared services capability that is flexible, fair, and responsive to changes in the external environment.
