Former State CIO Jamie Grant Weighs in on NASCIO’s Top 10 List

On Wednesday, former state CIO Jamie Grant joined Steve White, field CISO at Wiz, in a webinar to discuss the National Association of State Chief Information Officers' (NASCIO) annual list of top tech priorities for CIOs, along with other topics, including Florida’s approach to technology.

NASCIO conducts an annual survey of state CIOs to ask about the top policy and technology issues facing their states.

This year’s top 10 priorities include:

• Cybersecurity and risk management 
• Digital government and digital services 
• Artificial intelligence, machine learning and robotic process automation 
• Legacy modernization 
• Workforce 
• Data management and analytics 
• Broadband and wireless connectivity 
• Identity and access management 
• Cloud services 
• CIO as a broker and a new operating model 

During the webinar, Grant shared his perspective on this year’s list, along with how Florida has approached technology in the past.

“To have the conversation around what the NASCIO top 10 list means, I think you first kind of have to step back and understand a little bit about what it’s like to be a state CIO,” Grant said. “When I showed up in Florida, 91 cents on every dollar was a federally funded dollar dedicated to running a capital expenditure in the way of a data center; 82 percent of my [full-time equivalent] or human capital budget was dedicated to that data center, and the remaining 18 percent was actually to do things like cybersecurity and data governance and enterprise IT.”

Another challenge Grant pointed out was the amount of time he and his team had to work on projects.

“The longest my road map could be was six months, maybe a year at best, but not uninterrupted,” he said, making “it almost impossible to really lead an enterprise and lead transformation.”

However, Grant said NASCIO’s lists helped him in two ways: It created a sense of unity among state CIOs to know that each state was facing similar pressures and stresses, and it served as an effective advocacy tool when working with the state’s legislature.

“In Florida, we have a very strong legislative model, which means dealing with legislative and committee staff, legislators, chairmen and committees,” Grant said. “You can go into those places and have the conversations and say, ‘This is what we need to be doing.’ But because it’s you saying it ... there’s this friction or tension that you push on legislative staff for money, permission, power or whatever it may be.”

The NASCIO top 10 list helps in these situations by giving CIOs the ability as a national community to have these conversations, he added.

Another topic discussed during the webinar was cybersecurity and why it remains at the top of NASCIO’s list. According to Grant, the short answer is that a slip in cybersecurity is the quickest way to get fired.

“I mean, if we’re going to be honest, nobody gets fired for failing to retire a legacy system,” Grant said. “I’ll give you an example: We had a data center incident when we still had the data center at the Florida Digital Service. It was a storage array that was end of life. Everybody in the organization had been looking for resources to replace it and could not get funding at the legislative level to get it replaced.”

Because of this, an outage occurred for a couple of weeks, impacting several agencies. Once the issue was resolved, Grant said, “there were some people in some pretty powerful positions around government that said, you have to fire somebody.”

As a result, FLDS launched the state’s first cybersecurity operations center to prevent further cybersecurity-related issues.

“When I was appointed, zero state agencies had ever technically integrated in any capacity around cybersecurity in the history of Florida; zero local governments had. By the time I left, 35 agencies were integrated into the cybersecurity operations center, and almost 200 local governments and growing were integrated into the state cybersecurity operations center,” Grant said.

Lastly, Grant touched on what agencies should consider when moving to the cloud and AI. Here are some key takeaways:

• “Every organization needs to kind of determine their strategy of [capital expenditures] versus [operational expenditures]. Should government be in the business of running data centers and building software? Or should it be in the business of consuming software and services?” 
• “We have to quit talking about IT versus business. IT is the business. The next generation of CEOs, COOs and executives, both in the public and private sector, are going to be required almost explicitly, if not implicitly, to understand the SaaS world and a digital operation. So, if we’re still living in the IT versus the business world, we’re failing.” 
• “I think with AI, one of my biggest fears is the public sector trying to regulate it. You look at some of the executive orders and pieces of legislation that are out there. I hate regulatory capture. I think it’s a pervasive plague that causes problems for the constituent, the innovator. We still need to figure out what AI actually is.”