Editor’s note: The winner of the Chief Officer Awards Government CISO Award announced June 17 is Garth White of U.S. Department of Homeland Security Science & Technology.
On June 17, WashingtonExec will be virtually celebrating the most impactful and innovative C-suite executives in government and industry. These chief officers work in technology, security, data, operations, finance, business and more, excelling on both sides of the government contracting sector. Our team of judges have chosen the finalists for the inaugural Chief Officer Awards, so before we announce the winners during the event, we wanted to get to know the finalists a bit better. This Q&A series highlights their careers, successes, proud professional moments and notable risks.
Bo Berlas is chief information security officer at the General Services Administration and a finalist in the Government CISO Award category.
What has made you successful in your current role?
Leadership is about understanding purpose and objective and mobilizing teams to achieve them. Good leadership however is about much more. Fundamentally, it begins with a few key tenets that I have learned over my career. To be successful, it is imperative we understand why we do what we do, ideating often to ensure we are focused on the right things, ceasing low-value work, prioritizing high-value work and identifying what is next. The latter is especially important in cybersecurity, as it is a check against complacency and ensures focus on growing cyberthreat challenges.
Good outcomes are attributed to good teams. It is important to understand that our people are our best and most valuable resource. We must form the right team and build the right culture; one that values diversity of thought, people and experiences and gives our people a say in determining work processes.
I firmly believe that staff-empowered, are staff-engaged and when work is performed around work processes developed by the teams themselves, with transparency and good governance, it will result in more innovative approaches and better outcomes. I have attempted to put into practice these basic tenets and believe they have been valuable in facilitating positive change.
What are you most proud of having been a part of in your current organization?
Serving in government as a public civil servant has been the honor of my career. In my time at the GSA, I have been privileged to work alongside talented individuals from GSA, government and industry. These are individuals that are passionate about what they do, believe as I do about the mission of the General Services Administration and serving the American public.
I am proud of my role in shaping the underlying framework for security assessment and authorizations of cloud solutions in government; facilitating some of the first cloud authorizations; supporting development of the FedRAMP program; and leading development of FedRAMP Tailored. The combined work was fundamental to facilitating the adoption of cloud in government, leading to the many innovations in IT, and efficiencies in driving business and mission outcomes.
What are your primary focus areas going forward, and why are those so important to the future of the nation?
As an organization and as a nation, it is important to understand that we live in an ever connected world that tests traditional conventions and challenges us to come up with new approaches to combat growing cyberthreat challenges. Focus areas align with that reality and involve a pivot to a more operationally-driven security organization focused on enterprise security visibility; security automation; DevSecOps and ongoing authorizations/continuous monitoring; and bringing security to the edge — at the data, user and device levels.
How do you help shape the next generation of government leaders/industry leaders?
One of the hallmarks of good leadership is grooming the next generation of leaders. As individuals, we are shaped by our experiences and as leaders can point to other skilled leaders that helped us along the way. That has been true for me and am committed to paying it forward by challenging staff with opportunities to stretch themselves; creating an environment to take intelligent risks, providing open and honest assessment of strengths and weaknesses — with opportunities to address them and training to further career development.
What’s one key thing you learned from a failure you had?
In life and at work, I have learned to embrace my failures and to learn from them as they are oftentimes more valuable than ones successes. I have learned that hard work and work ethic are equalizers and often trump other factors. For the things that matter, there are no shortcuts. To be successful, you have to put in the work. This requires development of an appreciation for complexity and detail as the obvious answer is oftentimes not the right answer.
What’s your best career advice for those who want to follow in your footsteps?
Complacency is a trap. Become a lifelong learner and never let go of what got you there in the first place. If in tech or cyber, that often means your technical skills. As we rise in the ranks, we are challenged between maintaining hard skills and developing soft skills.
In today’s ever changing environment, while it is important to develop leadership and communication skills, it is equally important to maintain and moreover further develop technical competency in new and emerging technology. Beyond that: work hard, learn to deal with people effectively, be passionate about what you do, and success will come find you.