Treasury’s FITARA Scorecard grade at the time was hovering at a D due to scoring poorly in categories of IT transparency and management, cybersecurity, and exercising CIO authorities — components of the scorecard’s namesake law, the Federal IT Acquisition Reform Act.
The department’s management of its more than $5 billion annual IT budget left something to be desired.
While there’s much, much more to being a CIO than earning a decent FITARA Scorecard grade, Olson pointed to this achievement as representative of the greater progress Treasury has made during his tenure in reforming and modernizing its IT management practices.
“I think that’s pretty significant,” Olson told FedScoop in an interview.
Modernizing Treasury’s IT
Olson served as deputy CIO of Treasury for two years prior to taking the top IT role, so he had a strong grasp of the department’s IT operations and what foundational changes needed to be made to modernize the organization. And moving to the cloud was central to that.
“When I took the helm as CIO … we very much had an on-premise orientation to infrastructure. We were doing some stuff in the cloud. But in terms of our general approach, prior to my involvement, the thought was really more around consolidating into Treasury data centers,” Olson said. “And so we’ve really moved away from that orientation, and now have very much of a multi-cloud orientation that includes software-as-a-service and the various providers there, [as well as] infrastructure-as-a-service.”
He pointed to Treasury’s forthcoming billion-dollar T-Cloud contract as evidence of that, along with its adoption of cloud-based talent management and HR systems.
The department was also weighed down by technical debt when Olson took the CIO role, he said. While that’s not totally taken care of, he said eliminating technical debt was a big focus during his tenure, “looking around the department and writing out the most egregious technical debt, particularly from an end-user perspective.”
By technical debt, Olson is referring to the costs — in financial investments, labor and other areas — of supporting legacy IT environments, particularly those that are customized. Technical debt is often the crux of federal CIOs’ modernization efforts because while it may appear to be expensive to transition to new systems in the near term, in the long run, sticking with outdated systems is often more costly.
Olson is also a big fan of commercial, low-code and no-code software, pushing the department in that direction instead of building or buying “bespoke” solutions. He said “the vast majority” of the applications Treasury deployed to support rollout of the CARES Act and American Rescue Plan Act were low- and no-code platforms.
“We’ve really moved completely to an orientation focus on low-code, no-code platforms and software as a service,” he said, “really only pursuing bespoke development where we can’t buy it as a service or we can’t configure it as a sort of a low code module.”
On the cybersecurity front, Olson said cyber and risk management are always top concerns for any CIO, but the sweeping SolarWinds Orion breach was a “game-changer” in amplifying that. Treasury was one of several federal agencies that fell victim to the SolarWinds hacking campaign.
“It was an inflection point in the whole progression of the cybersecurity challenge,” Olson said. “There was an intensity around it.”
In his time as CIO, Olson said Treasury has taken steps forward improving its cybersecurity and developing what he calls “a first-class high-value asset program.” Treasury has built its own “in-house version of [the Department of Homeland Security’s] risk vulnerability assessment and security architecture review programs such that we’re doing that ourselves even beyond what DHS might do.”
One CIO to rule them all? Maybe not
While Olson touted his department’s improved FITARA Scorecard grade, he admitted that he’s not the biggest fan of one part of the law in particular.
FITARA’s creators wrote the law as a mechanism in large part to centralize CIO authority and IT oversight within federal departments under a single department-level CIO. One CIO to rule them all, in essence, much like massive corporations in the private sector frame the role.
But Olson doesn’t think that should be a one-size-fits-all statute.
“At the end of the day, these are enormously large organizations,” he said. “And, you know, just like we have a federal government and we have state governments, and in theory, we have some separation of duties — these organizations are so big that some manner of federation needs to exist, should exist.”
Olson called that federation and separation of duties an “optimal model” and suggested that it’s “probably time to look at [FITARA], sort of assess, maybe revisit, tweak, what have you.”
Rather than managing departmentwide IT with a heavy hand, Olson said “it’s still about governance.”
“I am supremely grateful and thankful to the bureau CIOs that I had a chance to work with at Treasury,” he said. “And it’s those relationships and trust, and having a good governance model, and working in that tension of the federation where sometimes it makes sense to do things together as a department, and sometimes it makes sense to do things individually in bureaus and working through that in a very transparent data-driven way.”
Olson doesn’t have a new job lined up yet, he said, explaining that he felt more comfortable seeking out his next role while not working as Treasury CIO so there are no ethical questions or misperceptions.
“I did not leave to take a specific role. I’ve been in the federal government now for 18 years … So it’s been an excellent run. But I think it’s time to do something different,” he said. “And the past 18 months have been pretty intense with remote work, the pandemic, a new administration, SolarWinds. So what I wanted to do is look at the things that I’ve learned, accomplished over the past 15, almost 20 years here in the federal government and think about where to apply those next.”
Treasury is also looking for Olson’s replacement, posting a job listing for a new CIO on USAJOBS recently. Until then, Tony Arcadi, the department’s associate CIO for infrastructure and operations, has stepped in as acting CIO.
For whoever takes the CIO job in a permanent capacity, Olson has some parting advice: Don’t get distracted by shiny objects, and don’t be afraid to borrow good ideas.
“I’ve just seen a lot of CIOs or executive technology executives in my time get distracted by shiny objects, and I fundamentally believe the job is about the essentials and the priorities,” he said. “There is so much opportunity to improve the federal technology without necessarily stepping onto the bleeding edge and taking those risks. And sort of simply adopting what are very proven best practices in other federal agencies or nonprofit domains or within private sector companies.”