Sunday, February 21, 2010

Interview with Thomas Boyce, Deputy Chief Information Officer, Nuclear Regulatory Commission

This interview was taken at the December 2009 Government Technology Research Alliance (GTRA) Council Meeting.

Mr. Boyce is the Deputy Chief Information Officer, and Director, Office of Information Systems, at the United States Nuclear Regulatory Commission. In this position, he has oversight responsibilities of an IT program with an annual budget of over $60 million, and a government staff of nearly 200. Mr. Boyce began his career in private industry as a computer system engineer, and joined the government sector in 1986. Since that time he has held a series of information technology management positions in the federal government. (Source: 2009 Adobe Government Assembly)


Federal IT Group: Could you briefly describe some of the key challenges that your office is facing these days?

Thomas Boyce: One of the things we are working on actively right now is putting our desktop management contract up for recompete: our entire infrastructure is currently outsourced, and that contract is up for renewal. Whoever gets it is going to be the key to how flexible and secure we are in accomplishing our mission and what infrastructure we employ to support that. This is probably the most important thing on my mind these days since I want our agency to move to a much more diverse environment as far as what we are providing to our employees is concerned, whether it is a desktop, a laptop, a thin client, or an operating system on a USB key – the goal is to allow them to move about securely and go back to the headquarters, as needed, to do their work.

Federal IT Group: What are the key capabilities that your office needs to acquire within the next few years in order to be able to deal with these challenges?

Thomas Boyce: We need to head in a very focused direction from managing a vast and diverse application portfolio (I still think, for example, there are a few rogue DB3 databases around) to 2-3 platforms that we would be supplying to the program offices. We have the necessary infrastructure in place, and this is what applications should be built upon – the portfolio diversity that we currently have should not continue because it is not serving anyone well.

Federal IT Group: We noticed that you are an active LinkedIn user. What, if anything, do you find particularly useful about LinkedIn and other social networking tools in your line of work?

Thomas Boyce: You cannot know everything, and tools like LinkedIn have grown to the point where, if someone is involved with an issue that has been a peripheral interest of mine, he or she may be much more focused on that issue than I am, and I can really learn from what that person is doing. I could get messages, for instance, that there has been an update or a post on federated identity management at a university level, and I can then key in on that discussion since I would not necessarily have time to watch those sorts of things on my own.

Federal IT Group: What is your vision for social networks? Do you see them evolving into real pools of expertise that federal technology leaders can tap into as part of their day-to-day activities?

Thomas Boyce: I see how teenagers or kids in their twenties are working now – that is exactly what they are already doing when they get into the workplace, and the question remains as to whether older generations will be able to leverage that. The principal issues here are the openness and transparency [of the government] and learning from others instead of reinventing the wheel. I just came out of the discussion on federal data standards (Note: The session titled “NIEM 100: Executive Overview of the NIEM Program”) and how you can do information exchange through a standards-based approach, which would be the key to the NRC accomplishing its mission more effectively. If I can learn more about that through social media or any other means, I will definitely try to do that.

Interview with Peter Mell, Cloud Computing Project Lead, Senior Computer Scientist, National Institute of Standards and Technology

This interview was taken at the December 2009 Government Technology Research Alliance (GTRA) Council Meeting.

Mr. Mell is the cloud computing and security project lead at the National Institute of Standards and Technology (NIST) and is vice chair of the interagency Cloud Computing Advisory Council. He is the creator of the United States National Vulnerability Database and lead author of the Common Vulnerability Scoring System (CVSS) version 2 vulnerability metric used to secure credit card systems worldwide. His research experience includes the areas of cloud computing, security metrics, security automation, vulnerability databases, and intrusion detection systems (IDSs). (Source: FOSE 2010)


Federal IT Group: Could you briefly describe some of the key challenges that your office is facing these days?

Peter Mell: Although I don’t have any program office formally assigned to me, I am involved in all cloud-related groups within the federal government. I have been leading the Cloud Security Working Group for the past 3 months. One of the critical challenges is government-wide assessment and authorization for cloud-based systems. What is particularly difficult in this regard is getting the pertinent requirements vetted throughout the government – this largely involves selling the agencies on the idea that they can truly use this government-wide cloud authorization.

Another major challenge is to figure out how Trusted Internet Connection (TIC) would work with the cloud. On the surface, they seem to impede each other, and the issue then becomes how to find a solution for securing the federal perimeter and allowing the cloud to function.

Federal IT Group: Imagine an Office of the Chief Information Officer of some cabinet-level agency. In your view, what traditional roles within that office will undergo the greatest degree of transformation (perhaps even to the point of completely disappearing) with the advent of cloud computing?

Peter Mell: For one, agency data centers will evolve into private clouds. As the latter offer homogenous interfaces, the nature of system administrators’ work will change considerably. Also, transition of multiple IT-related functions to public clouds will increasingly free federal CIOs from the mundane task of running “commodity” IT applications, such as office and e-mail, thus allowing this valuable resource (which the federal CIOs represent) to be channeled towards mission-enhancing programs and capabilities.

Federal IT Group: We noticed that you are an active LinkedIn user. What, if anything, do you find particularly useful about LinkedIn and other social networking tools in your line of work?

Peter Mell: LinkedIn is very handy for keeping track of contacts – it is, in a sense, an automatically updating rolodex. I also find web collaboration and presentation tools to be useful – the feature that allows exchanging instant messages with meeting participants is particularly interesting (although it may seem a bit impolite to chat while someone else is presenting). I am not as active a social media user as many people are these days: it is not, however, because I don’t like them – it is just that I tend to shut my computer off when I leave the office.

Federal IT Group: What is your vision for social networks? Do you see them evolving into real pools of expertise that federal technology leaders can tap into as part of their day-to-day activities?

Peter Mell: I think it is inevitable. The real issue, however, is finding a secure cloud model that can support that. One can think of social media as software-as-a-service (SaaS). This, in turn, causes a problem when it comes to TIC, and we may need a physically and logically separated SaaS implementation for federal use. We have already seen the vendor community discussing that idea.