He fielded the Navy’s first firewall, helped start its information security program and led work on the Global Information Grid Bandwidth Expansion program that increased the capacity of the Defense Department’s networks. After about 31 years in government, Defense Information Systems Agency Chief Technology Officer David Mihelcic is set to retire from federal service in February.
Mihelcic, whose last day is planned for Feb. 21, served in government in leadership positions such as the chief executive engineer and deputy program director for the Global Information Grid Bandwidth Expansion program, known as GIG-BE, and head of the Network Security Section of the Naval Research Laboratory.
The CTO told FedScoop he is most proud of his work from about 2001 to 2005 on GIG-BE, a program he said increased the capacity of DOD’s network “by many orders of magnitude” and made it “thousands of times faster, many times more secure and much more reliable and of higher quality than anything that the DOD network could previously provide.”
“The other very interesting side effect of that was it helped us bring many new good people into the government,” he said. “And we actually got people when this program concluded that said, ‘I like what you do DISA, I like working for you, I want to continue to work for you.’ And they came to work for us as government employees.”
Shortly after working on that program Mihelcic became DISA’s CTO.
The slow march to modernization: The Pentagon’s cloud computing journey
Mihelcic said he wishes the Pentagon had made more progress in cloud adoption.
“We have pushed for cloud computing adoption in the DOD ever since  and for a number of reasons, security and cultural, the adoption has not been as quick as we’d like,” he said.
The agency has seen some successes in fielding milCloud, Mihelcic said, and last year put out a Request for Proposals for the second version of milCloud.
He also noted the agency put together standards that allow for adoption, for unclassified DOD capabilities, of commercial cloud providers accredited by the Federal Risk and Authorization Management Program.
And he said his office is continuing to push for modernizing testing and accreditation necessary to take advantage of commercial cloud.
“So if I can turn a capability on in a commercial cloud provider in seconds but it then takes me six months or a year for me to get my applications loaded in there, configured, tested and approved to operate, I haven’t bought anything,” Mihelcic said.
The DOD hasn’t achieved as much as Mihelcic would like in accompanying cloud adoption with a change in processes that allows government to push out capabilities in real time. “Maybe that’ll be something I’ll try to continue to push from outside the DOD,” he said.
The department’s culture is one reason for slow cloud adoption, Mihelcic said.
“There are many cultural issues, and a lot of them do stem from security. We are very risk-averse in the Department of Defense,” he said. “We like to do things that we’ve done before. We do things based on precedent, so we don’t have a lot of precedent there.”
He added: “The other cultural issue is I think we have a lot of people who are comfortable being those infrastructure providers today in our DISA, and other DOD, data centers. And this is one of these areas where the world is going to change, and either you can change with it or you’ll risk becoming a dinosaur.”
Looking to the future — and advice for his replacement
The CTO is not sure of his plans for when he leaves the agency, but he said he has talked to some people about opportunities outside of government.
“Hopefully you’ll see me doing something related to these technologies such as cloud computing and networking,” he said. “And I’ll be able to help the DOD a little bit indirectly in the future.”
Mihelcic’s advice for the new CTO: Partner with industry, empower your workers and focus on automation.
“That’s probably the area where the DOD is furthest behind in IT,” he said of automation. “We still do too many tasks manually. And we need to automate everything we do, including security compliance checking.”
Security compliance checking today can add months to a program, he said, noting that it is “largely a manual process where we bring in testers at the end of program development and they validate the configuration of the running system.”
Those testers write reports that others have to then read.
“All of that can be done in real time with automated conformance testing,” he said, adding: “That’s what industry does.”
Mihelcic also said he hopes the new chief technology officer will have the latitude he did.
“I was given the chance by the Director of DISA to take that CTO role, turn it into a technology outreach and oversight organization, an organization that built capabilities with the warfighter and transitioned that to DISA programs,” he said. “So yeah I was very happy that I was given that ability to strongly influence what the DISA CTO was, and how the DISA CTO did its job.”
“Moving forward I hope the next DISA CTO will have that same opportunity,” he said.