Michael Cockrill became CIO of Washington state in 2013. Since then he has worked to streamline the state’s IT organization, help lawmakers understand the technological impact of their public policy decisions, and secure Washington well into the future.
In an interview with 21st Century State & Local, Cockrill discussed his role, past achievements, and how Washington’s IT office is becoming more millennial-friendly.
21st Century State & Local: How does Washington organize it’s IT resources?
Michael Cockrill: States tend to fall into two main categories when it comes to their IT organization–centralized or federated. In centralized states, including Michigan, Colorado, and Texas, the state basically has one IT team that reports to the CIO and that IT staff gets parceled out to the agencies. In federated states there is one central team and then each agency has its own additional team that reports to the director of the agency. Washington is a militantly federated state.
21C: Tell us a little bit about your position.
MC: I have three different roles in the state. First, I have the statutorily defined role of CIO. It is a Cabinet-level position, so I report directly to the governor. I am legally responsible for technology policy and strategy, as well as standards and oversight. Any project across the state enterprise comes under the oversight of my office.
My second role is the director Washington Technology Solutions, also known as WaTech. We kind of keep the IT electricity on, we run the network, we manage the data center, and we are responsible for all of the big applications that all the agencies use.
The third role I end up playing isn’t statutorily defined, but is becoming more and more important and more and more part of daily interaction. Myself and my CISO, chief privacy officer, and the head of the office of CIO end up playing an advisory role to the governor’s office and the state Legislature. The public policy issues around tech have historically been about economic development, but there are really two core technology issues that are becoming policy issues–cybersecurity and digital privacy. More and more we find ourselves consulting with lawmakers and the governor’s office on laws that are affected by those sets of issues.
21C: Why do you think your team is now serving in this advisory role?
MC: As Internet technology is moving into the physical world, legislatures are becoming more and more active in legislating the physical world. The Internet of Things is a great example of a very rich set of very complex tech-focused issues that affect people’s lives in a way other technology issues never have. We have to start asking what role do we want government to play in regulating that. The policy advisers that legislators currently rely on aren’t technologists–they are focused on economic development. I expect that will change in the state government over time, and the state will hire a different profile for tech advisers, but for today, my team ends up playing that role. For my team, we probably spend 30 percent, or more, of our time in some kind of educational or consultative role, particularly in cybersecurity and digital privacy.
21C: You’ve said Washington is “militantly federated.” Does that mean your office runs all of the government technology or is some run by individual offices and agencies?
MC: My team runs the core email systems, HR systems, financial systems. Technology that agencies use to get the job done is centralized in the WaTech team. If the app is focused on running the agency, my team runs it. If an app is focused on delivering the mission of an agency to citizens, the IT team in the individual agency runs it.
21C: Tell us about some of your main achievements over your tenure as CIO.
MC: First, we created pride in the IT community within the state government. The Center for Digital Government does a detailed survey of IT departments for each state. When I got here Washington had a C-minus; we got an A-minus this year. We went from having five states worse than us, to four states better than us. That movement came from exposing the great works people were doing around the state, getting some press behind it, and reminding people how important their work is and what a difference they make for the 7.3 million people in Washington.
Second, when I joined this organization there were three different departments that were all members of central IT, there was an IT team in the budget office, in general administration, and another in network maintenance. The governor asked me to bring them together and create a new agency–WaTech. We are spending less money, making our customers happier, and getting more done. We give our customers better service and, as a result, support them in delivering their mission to the people of the state.
21C: What projects are coming up for your office?
MC: The one I’m most excited about is an ongoing project regarding workforce development. Like so many other states we have an aging workforce. We need to attract and retain new talent, so we’ve set up a structured recruiting approach. To do that, we have redesigned our physical plants, are allowing people to work remotely, and are changing up the rules about working from 9-5. We are now working the way millennials want to work. Millennials want work-life integration, not work-life balance. We are reinventing the brand of public service.
21C: How does your office work to keep citizen and employee personal data secure?
MC: We think of cybersecurity as sort of a team sport. We don’t think of it as keeping citizen data secure, but as an umbrella over the state. We’re not just tech-focused, but also focused on jobs, training, and economic development.
We want to make sure there is an education system that can create a workforce that can keep the state secure. We call it the framework for the continuity of commerce. Cybersecurity isn’t about keeping citizens’ data secure, it’s about creating the ability to do commerce. As soon as you hook up your water purification system to the Internet or have your education system relying on the Internet, you have a huge issue around cybersecurity. We have a bunch of swim lanes that include law enforcement, regulatory issues, and critical infrastructure.
Our Office of Cybersecurity, which lives within the office of the CIO, has roughly 30 people that focus on coordinating and information sharing across all the dimensions in the state government. We do security reviews for every product the government uses, we have a forensics team, and a cyber-response team. We work to make sure there is coordination across public and private sectors, as well ensure that law enforcement is coordinating with Federal counterparts.
21C: Any advice for other state CIOs?
MC: Your job is changing. You and your teams are not just responsible for technology; you are responsible for the overlap of technology and public policy. That is a big shift. The business of government is public policy and IT should be much more involved in helping set public policy. Be aware of it, pay attention to it, and strive to make sure your voice is heard. You need that view of the hardcore technologist to make sure that the people elected to make policy understand the ramifications of the policy they make.