The sharp acceleration in top-level Federal government IT policy direction over the past couple of years has shifted the equation of modern technology implementation from an aspiration to an imperative for government agencies.
With detailed marching orders on cybersecurity, zero trust, and customer experience – just to name a few – agencies have to move on those fronts right now, and are depending on the private sector to help jumpstart their efforts.
Few know the government landscape and the potential for improvement better than Amy Gilliland, who has run General Dynamics Information Technology (GDIT) for going on five years, after 12 years as an executive at parent company General Dynamics Corp., and a six-year tour in the U.S. Navy.
We caught up with Gilliland in recent days to talk about the policy landscape and how systems integrators like GDIT are helping government agencies to meet the new challenges.
MeriTalk: The past year has featured several major Federal policy moves that implicate IT – the Cybersecurity Executive Order, Zero Trust Migration, the Customer Experience Executive Order, and there are others. How does GDIT see those business opportunities, and where are you meeting Federal agencies that need to move quickly on them?
Gilliland: From the pandemic, to emerging cyber threats and their increasing intensity, even to what’s going on in Ukraine right now – those have driven the policy urgency, especially on policies like zero trust from the Biden administration and the Office of Management and Budget.
These digital roadmaps have always been there for Federal agencies, but now there is a roadmap and a timeline for them to get there, and speed is really important. There is an incredible pipeline of work that has come from the confluence of all of those policy factors, so we have a lot of opportunity.
Our customers all have different needs because they’re all in different places – whether it’s customer experience, or zero trust, or cloud – you name it, they are in different places on that journey.
MeriTalk: what are some of high points on customers’ hierarchy of needs?
Gilliland: What they need first is agility. They need a company that can move quickly, that has experience, and large-scale expertise in delivering these technologies. And they also need a company that has that mission knowledge. They have a need to do things quickly, and they want somebody who understands their environment, which has always been an attribute of systems integrators like GDIT.
Customers also want to know what we ourselves have done or seen before, and how that applies to their environment.
For instance on zero trust, even prior to the integration of GDIT and CSRA in 2018, we had our own digital modernization footprint. As a result, we have been focusing on various elements of zero trust internally as we integrated the two companies because it was an opportune time to do so. For example, we were moving to Microsoft Office 365 in the cloud. For us, it was the time to do that.
So we have our own lessons learned, and our customers are starting to look at the same kinds of things. For instance, last month we won an OTA [Other Transaction Authority] agreement with Defense Information Systems Agency for their first enterprise identity, credential, and access management (ICAM) tool which supports zero trust. It’s that kind of experience that our customers are looking for.
MeriTalk: The fact that it was awarded under an OTA jumped off the page for us, because that’s all about moving quickly. What was the path on that one?
Gilliland: That’s a different muscle for companies like GDIT to exercise. The customer tells you what the requirements are, we went off to our Cyber Emerge Lab to work on it, and 45 days later we have a prototype that we gave to the customer so they see how it works in their environment.
We were down-selected as a result of that, and that was phase two – let’s see if this works with a real application in the environment. That was successful, and that resulted in the procurement phase which is the $162 million award.
And that ties into JADC2 (Joint All-Domain Command and Control) development at the Pentagon, which is connectivity for all warfighters. The great thing about that is everybody can share information, from a cyber perspective, the bad thing about that is everybody can share information. So ICAM is a huge part of the implementation of JADC2 because it is just assuming that everybody in the environment needs all the time to be identified and credentialed.
We are really excited about that and we are building on our own lessons about ICAM and developing ICAM-solutions in other places and with other agencies.
I see a real trend now for customers because of limited development budgets, and budget pressure in general, and the need for speed. They want ready, off-the-shelf solutions tailored to their environment. Customers are saying ‘don’t give me something that works in somebody else’s environment but not necessarily in mine.’ But they also understand that there are common attributes that could work very well, and so they’re looking to us for that kind of counsel.
MeriTalk: Coming back to zero trust – and perhaps at agencies that don’t have quite the robust IT operations that the Defense Department has – we produced some research recently that finds three quarters of agencies are throwing out a lifeline to the private sector for zero trust help. What is GDIT’s approach for agencies that may not be as far down road with zero trust, how do you meet them where they are?
Gilliland: It’s exactly that – understanding that everybody is starting from a different place.
What’s really interesting is we have a partnership between our CIO and our CTO shops, and when we are talking to customers, the CIOs of these organizations are interested in hearing from them both. I think that tells you something – the CTO is sitting at the growth, customer- oriented side. And our CIO has a lot of experience internally, but also with our customers because in some cases he is responsible for some of the IT that supports those customers.
So the conversation becomes ‘how would you do this for yourself, and how have you done this for other customers,’ and I think that is a really nice marriage of the two of those perspectives.
MeriTalk: One of the things we hear from agency IT officials is that the move to zero trust will take a long time – several years in the best case – and within that timeframe will be a lot of iterations. What is GDIT’s view on that as a long-term business?
Gilliland: It is a long-term opportunity, and the other thing that we know is that it will also change – the tools will change along the way because technology is moving so quickly. But to your point, GDIT set off on this journey a couple of years ago, and we have many of the core elements and pillars of zero trust. But we also have a roadmap for how we’re going to get the others there.
What is clear is that government wants agencies to have a sufficiently sophisticated zero trust architecture by the end of 2024. For some, that will be an easier destination than for others. It’s really about understanding, with the resources you have and the architecture that you have, how do you go about putting in the most important pieces to get you where you need to be. That answer is not monolithic, it’s different for different customers.
MeriTalk: Any customer examples that you can share?
Gilliland: We have a contract with the U.S Patent and Trademark Office, and for them the start of that path is moving to hybrid cloud, and that’s what we are working on.
On a completely different contract, we are working with the Department of Veterans Affairs. The VA is in a different part of their journey, and we’re designing an enterprise architecture that supports the Internet of things and 5G and some of the more advanced elements of zero trust.
So, different missions, different customers, different places on their journey. The customers want experience, and they want expertise, but they want it tailored to their ends.
MeriTalk: GDIT has a pretty rich history on the military side of the government. Any reflections on the collaboration between system integrators and warfighters, and the heightened stakes in mission focus?
Gilliland: There’s that domain expertise that comes from decades of working there alongside the customer. If you go into most of the spaces that our employees sit in alongside customers, it’s unclear who is the agency employee and who is the contractor employee. That’s great.
Going back to the needs for agility and speed, the customers want to have somebody that understands the environment they operate in. It is then incumbent upon systems integrators to really bring those digital roadmaps that are 5-8 years out onto the radar now, and start talking about those options. It’s those partnerships and that understanding of the customer environment, and being able to suggest these might be the ways you want to navigate.
The other piece of it is just an ongoing dialogue. For example, Pentagon officials had a recent meeting talking about cybersecurity and how our defense industry is looking at that, and thinking about that. There were CISOs and others on the call talking and sharing ideas, and I think the dialogue is really important. This is a partnership and a collaboration.
As an integrator, we are talking about where technology is going, and what skills do we need to have in order to deliver, and we need to be making sure we’re having those conversations. It’s very easy given the pace of technology and operations on customer floors right now for employees on our contract to deliver what the contract says. But actually what the customer needs is for us to not only deliver, but also to be thinking strategically for them about what comes next.
MeriTalk: How long lasting are some of those customer relationships?
Gilliland: That’s an interesting question. The average length of our contracts is probably somewhere between five and 10 years – roughly five years on average. There are employees that have served in particular customer missions for decades.
Customers like the relationships and there are definitely people they depend on, but also being able to leverage the GDIT enterprise, where we have 30,000 employees with different skill sets. We are able to bring those new skill sets into the contract, and share this expertise because we just put this roadmap in elsewhere, or we bring a brand new employee onto the program. Customers want the folks on the contract to continue to evolve their skills, and we are absolutely committed to that.