In his six years as chief information officer at the Justice Department, Joseph Klimavicz has sought to drive big change. He talks about making “large-scale, complex IT transformations” in a range of areas, with an eye toward improving services, reducing costs and enhancing cybersecurity.
“I think we’ve made remarkable progress in each of these areas,” he said.
A veteran in the federal arena, Klimavicz served as CIO of the National Oceanic and Atmospheric Administration for seven years before joining DOJ. In his present role, he is looking to drive modernization across DOJ operations, with a special focus on enhanced IT security.
Recent years have seen dramatic improvements in DOJ systems. “Just from an overview perspective, we’ve achieved over $600 million in cost avoidance,” Klimavicz said. “We’ve maintained oversight of the department’s IT budget, totaling over $3 billion annually, and kept all of our major investments within 10% of cost, schedule and performance objectives.”
Klimavicz and his team have focused on four main priorities: digital modernization, cybersecurity, data and workforce issues. In six years, they have gone from almost no cloud-based operations to running multiple services across 30 cloud service providers, and they’ve closed nearly 100 data centers.
“That represents real savings, real efficiency, real impact to the mission,” said Klimavicz, who’s also helped the department to consolidate 23 email services down to a single cloud-based system.
On the data front, Klimavicz has led the effort to develop the department’s first formal data strategy, “a roadmap for maturing DOJ capabilities, by building standard enterprise approaches for data management and information sharing,” he said.
When it comes to building and sustaining an effective and stable workforce, Klimavicz follows a basic guiding principle: the 30% rule.
“I was once told by a very smart person that leaders should spend one third of their time focused on their workforce,” he said.
It’s a rule he takes literally. “I actually have taken a week’s calendar on a Friday evening and gone through with different highlighters, yellow, pink, orange, green, whatever. How did I spend my time? Did I spend it on tactical items? Did I spend it on strategic items, or on the workforce?” he said.
While he’d like to see more direct hiring authority for federal agencies, Klimavicz said he’s looking to take advantage of other nonconventional recruiting tools, including short-term talent exchanges with industry. He’d also like to lean more heavily on reskilling programs, training up existing IT staff to fill much-needed cybersecurity positions.
For a federal leader to be effective on all these different fronts — modernization, data, workforce, etc. — it takes not just talent, but also a long-range mindset, Klimavicz said.
“As a leader in government, you must start with a clear and compelling multiyear vision, because it takes a long time to get things done,” he said. “You need to create a strategy with specific goals, and you can’t change it every year. Nobody’s going to follow somebody who every year has a different strategy, a different approach. Consistent leadership is critical to the success of your strategy.”
Moving forward, the IT focus within DOJ rests squarely on security — leveraging the emerging technologies tools to ensure systems integrity for the long haul.
Klimavicz is interested not just in what the new technology tools can do for him, but also what they might do to his systems. Take quantum computing, for example.
“A couple of years ago, it seemed like a distant problem. But I believe quantum computing will be able to crack current encryption within the decade,” he said. “We need to be thinking now about how we bake in crypto agility into our solutions.”
He likewise views the rising internet of things as more peril than promise.
“There are estimates that by 2025, there’s going to be over 40 billion IoT devices. Our folks want to use these devices, but every one of these devices represents an end point to protect,” he said. “And data will increase five to six times in the next five years, with all that information coming from these end-point devices. I’ve got to protect that information.”
One underlying approach to security is the “zero trust” philosophy, in which systems are designed to assume the worst in every user, to constantly be verifying and authenticating. That’s a key principle for Klimavicz going forward.
“Just about anything can be faked: pictures, sound, probably a lot of the biometrics. The question is, how do you deal with that? I would say that authentication is the new security boundary,” he said. “I think we’re going to be talking about zero trust for many years to come.”
Security is challenging, but so is much of government work. Federal leaders face budget constraints, workforce issues and diverse other hurdles — “but I wouldn’t have it any other way,” Klimavicz said.
“The mission in Department of Justice is incredibly important. We prevent crime, or try to prevent crime. We investigate crime. We have the best lawyers in the world and the cases that they’re working on are just incredibly important,” he said. “It’s always about the mission.”