[00:48] The Bigger IT

Petko: In cybersecurity, you’re always talking to the CISO. Today, we have a great guest that gives us not just security but the bigger IT, the budget, everything. He’s been in the government for 40 years. It feels like they know the ins and outs of everything and part of everything. 

Rachael: Let me jump into it and introduce Maria Roat. She's got 40 years of civil service experience. Most recently, she’s Deputy Federal Chief Information Officer. She's also served as a small business administration chief information officer where she led the organization's digital transformation. It’s now a more proactive and innovative enterprise services organization. It is responsive to the business technology needs of SBA programming offices and my favorite small businesses and entrepreneurs across the United States. Such a critical role. There are so many other accolades and achievements.

Petko: I've been in the government on and off and it's always insightful because I've always been on the cyber. But Maria Roat, you've been on, I would say both sides of security, non-security, budget, everything. In your 40 years, what's the most memorable thing that comes out for you?

Maria: You know what, just looking back overall, it's interesting because I don't know that I've ever done the same job twice. So I've been in computers and tech before it was called IT and cybersecurity. I've had so many different roles over the years and I can truly say I've never done the same job twice.

I never had the same title, always did something different or one-off as I moved from one job to another. 

 

The Power of Thinking Something That’s Memorable

Maria: If you ask about something that's memorable, I think just to be able to navigate through that. Do so many different things over the years and the opportunity, certainly the federal government gave me.

Petko: I hear you recently retired from the federal government. What are you up to now?

Maria: I took some time off, I really needed it. I had some tough years as the Deputy Federal CIO coming in the middle of the pandemic. Working through transition as the SBA CIO before that and other jobs before that. I've been running hard for quite a while and the first thing I did was take some time off, definitely took some time off.

Did some hiking, took some vacation time, and spent a couple of weeks in Maine doing nothing but hiking around. It's really been terrific.

But I did hang out my shingle a few months ago and I'm doing a little bit of work behind the scenes, both some board work, some strategic consulting work, as well as working for a couple of non-profits helping them, one of them vetsports.org helping veterans. I've been working with them for a number of years.

Recently joined the board and working with another small nonprofit in the county here where I live that provides IT and cybersecurity work to other small nonprofits. So definitely keeping busy. I am not working full time and I'm still getting in some hiking and a bunch of vacation time.

Petko: I'm glad you've had the chance to disconnect a little bit and at the same time. Do we really ever retire? If you think about it, we always have to keep our minds active.

 

The TSA Secure Flight Program

Petko: It sounds like you went right back into it and said, "I want to keep active and still give back to the government in some ways." We were talking earlier about some of the programs and especially since you were the Deputy Federal CIO. You also worked in DHS after 9/11 got founded. One of the areas that you brought up was really interesting to me is the TSA secure flight program. Can you tell us more about that?

Maria: I started at TSA in 2004, so this was right after DHS stood up. The 9/11 commission stood up DHS and put all these agencies, and departments together under one big umbrella. I started there and I was the deputy under the secure flight development. So the development of the secure flight program, CAPPS II had gotten killed. That was around privacy. 

When people fly, the premise is, what information do you need to collect? What are the minimum data elements to show that you are who you say you are? That was one of the projects. It was actually in part of the appropriations language for TSA to say, "Okay, CAPPS II got killed. We're standing up the secure flight, do your homework and do the math. Figure out what the minimum data elements are." 

Going back, this is 2004, 2005, I ran this project. Congress gave us essentially 90 days to say figure out what the minimum data elements are. We actually hired this company mathematicians, huge mathematicians, and what they did was they dug in on, what does it take to fabricate an identity? 

 

Minimum Data Elements

Maria: What are the minimum data elements and what do you need to fabricate an identity? You know as well as I do, you go to Target or somewhere they ask for your zip code, and guess what? That's not required when you go to the store and you just gave them an element of your identity. 

Now they have your name with your credit card and you can figure out where somebody lives. There are a lot of elements in fabricating an identity, not just stealing somebody's information online. But there are a lot of little things you can put together. But what are those core things? 

What this company did was really fascinating because they used high-level math. They used a lot of data and really dug in and looked at those common elements that people have. Your name, your address, your date of birth, anything that covers you as an individual. Congress actually extended it. It was a six-month program because they were so interested in what we were coming out with. 

What it came down to is the core element to start with is your name and date of birth. Your first name, middle name if you have one, and your last name and your date of birth. If that matches up, you're through the first gate. With that, there was a lot of work going on with the terrorist watch list that was getting built out. How do you match and what do you need? You have to be able to do this very quickly.

There was a lot of conversation because those elements are not only used for domestic travel but think about when you travel internationally.

 

The Power of Thinking and Proving Who You Are

Maria: CBP has a mission dealing with the carriers, the aircraft, the airlines, and the carriers dealing with international travel. TSA has the security piece for domestic travel. We work very closely with CBP, but we had to bounce everybody up against a watch list. So we started with name and date of birth as the minimum data element. It was actually cool to be able to do that. To run the testing, build all the test decks, and really use the data.

To show that it was your name and date of birth that were the minimum elements needed to prove who you are.

It was actually a really cool project. I worked on that for a little while. A lot of congressional interests, as I said, extended the project from 90 days to 180. After CAPPS II got killed, there was a lot of sensitivity. In partnership with that, there was the redress program. If you were designated a terrorist or something, how do you say that this isn't me?

There was a lot of other work going on in parallel to this as well.

Petko: I'm still thinking about 90 to 120 days, just how fast government can move when it wants to move. If you think about it.

Maria: You have no idea, I mean we ran this project. The appropriations language said, "Go do this, get it done now, it's due in 90 days." Then they were so interested in the report, they extended it so that we could actually do even more validation around it. The government can move very quickly and very fast when it wants to.

 

[09:39] The Power of Thinking and Envisioning Something to Success

Rachael: I was reading this awesome interview with you, Maria. It makes me think of this comment you made about when you think about these projects and programs. There's the one-year funding and then there's the multi-year funding. I thought that was a really good observation from you on how you bring something to success. I’d love for you to talk a little bit more about that. In all your years of experience and having worked with these significant programs, it's got to make such a huge difference. How do you get that multi-year funding sometimes commitment?

Maria: I think it's important for your listeners, the federal government, doles out money one year at a time. If you're in a continuing resolution and you don't get your budget in October, well then you're getting a trickle of funding up. That’s until the time Congress figures out that here's what your agency or department's budget's going to be. So we're in these one-year cycles. 

If you're in a continuing resolution and you don't know what your final budget's going to be, say until May, or June, you're already 6, 7, 8, or 9 months into a fiscal year. Then all of a sudden you're like, "We have more than we thought we were going to get or we have less and we have to adjust." And the fiscal year ends in September.

So as a little background, as a CIO that's in an agency, that's what you're working up against.

The hard part is how you manage sustained continuous modernization and doing new things knowing that you don't have a budget. You can't do anything new while you're in a continuing resolution. 

 

Learn to Work Within

Maria: Then you have to live within a certain small amount of Dollars that really pays for and affects your lights. Keeps the lights, keeps the water running, those kinds of things. You have to get really creative. 

I will tell you that I'm pretty creative and I learned to work within that and how to make sustained continuous modernization. When I went into the SBA, they were more than a decade behind in their technology for example. How do you take this continuing one-year budget cycle and do a thing? When I came in October of 2016, my budget was already baked by my predecessor, so I had to live with it for a year.

The first year I was planning for the next year and then the following year doing the what ifs and what could I do. I will tell you that getting creative requires when you have, for example, 30 different cybersecurity tools. You look at all those and go, "Why do I have all of those?" Then you look at the overlap and you look at all of them, you start cutting and next thing you know have $5,000, $10,000, $50,000. 

I'm going to caveat this. SBAs budget was a rounding error when you compared it to some of the big agencies like DHS. But working within that you can get really creative. Next thing you know if you have $50,000 or $100,000, you can do some kind of operational pilot to really get something kick-started.

That was really how we tried to be creative with our budget within the constraints.

 

A Continuing Resolution

Maria: But I also kept a wishlist so that if a continuing resolution kept on and then all of a sudden there were available extra funds from the agency. Maybe another program elsewhere in the department didn't do something and I could benefit from it. I always had a list of about 20 things that said if 50,000 or 100,000 or a million dollars or $2 million landed in my lap, what would I do with it?

And I always had a running list and I had task orders and contracts and knew what I needed to do. 

So that if money landed very quickly I could move. I also had to compete not with just the agency's mission, but also with broader federal government mandates. Just pick your mandate across the federal government. I had to balance what was best for my agency and my mission while keeping aligned with whatever IT and cybersecurity mandates were coming along.

Being in that budget cycle of one year is really hard. I think the technology modernization fund gave me some opportunities for me to have a working capital fund where I could take one year of the money. There's a lot of work that needs to be done. But with the appropriators on the hill, we could turn that one-year money into three-year money.

Then the next thing you know, I could actually do some strategic planning because you know as well as I do in technology, plans change. You can have a target that says in three years we're going to do X, that's great. But how you get there may zigzag and shift over time. 

Maria: Having that flexibility of money over three years affords you the flexibility to be able to, maybe you can zigzag a little bit as technologies change. But you're still shooting for the same target.

Rachael: I like the creativity, it's almost when you have those kinds of constraints that you are able to think about. Sometimes I think more constraints make you get more creative and more innovative to get things done. I love your thinking and all the things that you've been part of, like the CIO council pilot. You talked about pilot programs so critically. Could you share with our listeners more about this, the CIO council?

I just love the communications and everything that came out of that.

Maria: The CIO council, the federal CIO chairs it and there's also a vice chair, one of the CIOs from the agency. The CIO council is a group of federal CIOs from all the big agencies. So the 24, we call them CFO act agencies come together once a month. Underneath the CIO council, there are a couple of committees, and there's a workforce and innovation committee, which I shared.

Another one that's around shared services infrastructure and the like. 

The CIO council can really move the needle in the federal government around technology. There's a lot of power that's there within the CIO council because if the council comes together. You get a group of all the big CIOs from the federal government and you want to do a thing, you can actually use that power to move the needle on something.

Whether it's guidance across the agencies or going to the Hill. 

 

You Can Move the Government

Maria: Briefing your congressman saying, "The CIO council is making a recommendation, we want to help you." Or shaping bills and law that comes out of congress. So the CIO council has a lot of power to be able to work in many of those things. As a CIO and a CTO, I worked on some pilots and really pushed the needle. 

I took a little bit of risk on some items that were then adopted federally wide across the government. Because you show the CIOs, you show the agencies what's in the realm of possibilities. The next thing you know can really move the entire federal government. This is where the power of the CIO council lies. 

For the committees really driving change around hiring for the entire workforce rather than agency by agency. Then the innovation committee, several years ago when I was the chair, we did some primers for the CIOs, because of quantum computing. Knowing that quantum computing's right on the horizon and the encryption algorithms were going to be impacted, all about cybersecurity.

We did some primers for the CIO and said, "These are the things you need to start paying attention to now because in 10 years this is coming around. How do you set yourself up now for the lookout over the horizon of 10 years to really set the stage? Because while you're doing new systems, new programs, now zero trust.

But if you still have some legacy capabilities, legacy systems are out there. You're using the encryption methodologies that you're using today are not going to hold up in 10 years." 

 

[18:01] How Do You Take the Power of Thinking to the Next Level?

Maria: The council was able to drive a lot of that and not just use primers. How do you take that primer and then take it to the next level and say, "Okay? Get that into a budget so that you can get some of the modernization done." I'm throwing a lot of things out there, but it's not just one lever. There are a lot of levers that really move things in the federal government.

Petko: I was thinking it would just be sharing practices, but all of a sudden you just said know we're doing pilots together, we're buying together. It took it to a whole level. That's amazing. It's so efficient. I'm curious, what are some ways that you can see it improving or evolving in the future?

Maria: I wouldn't say just the council, but just technology. You've got the council that's really leaning in and where we need to go as a federal government because you've got zero trust. All the work that's underway right now as agencies are continuing in raising the maturity. With the council, it's taking the CIO's responsibilities and authority and what needs to happen to the next level. 

When you go back in history, the CIO didn't have a seat at the table. The CIO has a seat at the table for the most part now. What can the CIO council do? This is a question, what can the CIO council do to continue to influence and maybe for FITARA, which is the law? Then Clinger-Cohen before that gave the CIO a lot of authority.

What else does a CIO really need authority on by law where the CIO council can really continue to build on that?

 

As Technology Changes

Maria: We know that there's a lot with the workforce and as technology changes, data, and data analytics. The CIO's seat at the table and working with the CDO, the chief data officer, and others. I'll tell you, the CIOs across the federal government, really have a unique seat at the table. They're not only technical people, they are business people.

I've talked about the budget and some of that but really understood the mission of that agency. 

How the pieces and parts work together within that agency and department and bring in a lot of the data. I'll give you an example of that. As the CIO of the SBA, there were 18 counseling programs and counseling small businesses. Every counseling program collected information about the small business and where they're located. When you look at the elements across all of those counseling programs, more than 80% of the data elements are the same.

And so, when I talk about the CIO having a view across the organization, not only did I have to understand the counseling programs. But when I dug into the data, my folks dug into it more than 80, 85% plus of the data elements are the same. So how do you take that and turn that into a vision of this is the business part? How do you take that into a vision of the life cycle of a small business every time they touch the small business administration?

This was my driver in not talking in technical terms but in business terms. I think this is where the CIOs have a unique seat at the table. Then when I fleeted up as the deputy federal CIO, I could see across the entire federal government and the enterprise. 

 

The Power of Thinking Really Drives Change

Maria: How agencies connect to each other and how they share information and data across. To your question about what else can the CIO council do, they're doing a lot already with the information sharing. Certainly from my seat as the deputy seeing the interconnectedness of the federal government to really be able to drive change and ultimately serve the citizens better.

Petko: Maria, when you're talking about the business side of it, I can't help but think about the security side. It's just my mindset. When you're deputy federal CIO, you saw a lot of cyber attacks. How do you balance the business with the risk of things like Sunburst, Colonial Pipeline, and Log4j, Log4Shell? When you hear those things and your CISO comes to you, you've got a balanced budget.

The business and the CISO is like, "I've got this incident." What's the first thing goes through your head? 

Maria: As you drive modernization, digital, use the terms you want, digital transformation, modernization, what have you. Cyber security has to be built into everything that you're doing. You have to build it in. In a world of cyber security, sometimes you have to think outside the box and take risks. As you're building technology, you need to have the CISO with you. 

As you're really pushing the envelope, you need a CISO that is open to taking risks. I'm talking about prudent risk here, but really being able to lean in. The CISO absolutely has to be a partner in everything you're doing. Whether it's governance, that's the policy and the money and all of that. But make sure that the CISO also has a seat at the table with you because they have a really strong voice. 

 

A Threat Hunt Team

Maria: At the SBA, I was running a bank, think about it, billions of Dollars, I was running a bank. Think about my view as a CIO with my CISO as we ran a bank with billions of dollars in loan guarantees and grants and the CISO really being able to lean in. Understand the entire, not just the architecture, and not sit back waiting for an event to happen, but be proactive. I had a threat hunt team that focused on the financial sectors, of a couple of people. 

Every day, I got reports about what was going on in the financial sector, paying attention to certainly broader cybersecurity. But with a lens toward financial cybersecurity and what's going on in the financial institution. The CISO absolutely is a partner and in lock step with me as we were really driving change and modernization. Even now when you look at the federal government, a lot of agencies were way ahead on the zero trust architecture. But the maturity level across the federal government varied.

Some agencies were way further ahead than others because zero trust is not like a one-and-done. It's a continual evolution and it's not just, "We're going to build an architecture and after four years we're going to be done." You're continuing to evolve in what that architecture looks like and there're many things that go with it.

The CISO is absolutely a part of that and really brings up the continual maturity across the organization. So I like my CISO to be a risk taker with me, prudent risk. I thought that was always really good. Being able to just lean in and build security into everything that we were doing as we were really trying to drive change.

Rachael: I love everything you're talking about because it's such a great example of, you getting into the government world, the government system if you will. You get a lay of the land and you're like, these are the cracks in the system that we can absolutely improve. Improve it from the inside out and come up with these fantastic programs and cross-agency communication, data sharing verification, validation of data, and breaking down silos.

I just love to hear these stories, because it can be done. You just have to be creative and want to try new things and take the prudent risk and look at what can happen.

Maria: I'll tell you what, working so many years in the federal government, there are things that I did in the federal government that would just never have happened in the private sector or where the federal government was ahead of the private sector. I mean, if you go back to the nineties, I was running a global enterprise network and running network monitoring on a global scale.

That was in the mid-nineties. Now mind you, it was a hodgepodge of tools and stuff, but we were watching all the routers, the switches. 

We were actually looking at data when we had the most traffic and things like that. So definitely, a networking nexus. But even so now in the federal government, think about NASA, they're using AI and the astronauts' gloves. It takes several hundred hours to inspect the data to make sure that an astronaut's glove is what it should be.

There're no flaws in it, anything like that. 

 

[27:04] Leveraging AI

Maria: The work last year that they did, they did a little pilot and they took the data and put it up in the cloud, leveraged AI, put some algorithms on it. It took about five seconds to do what took all these man-hours. Who gets to do that? You don't get to do that anywhere but in the federal government.

That's what's always kept me working in the federal government. I mean working at the Department of Transportation, it's all about safety. But think about the data that you work with from all the states that bubble up from pedestrians to buses, to cars, to tractor-trailers, to railroad trains and every mode of transportation.

Who gets to work on that just sheer scope and volume of working with the states? This is where I think the federal government really doesn't do a good job talking about all the great things that it does and what you can do for the public working for the agency. I think that's a huge miss. So I always did, because I got to work on so many cool things across the federal government.

Some of them would've never been done in the private sector or where the private sector copied what the federal government was doing. People just don't hear those stories enough.

Rachael: That's a shame because there's always that perception that the government's lagging and it's not the case remotely. The scope and scale of which government works too, the number of employees, and offices, and organizations. It's astounding.
Maria: It's huge. The impact you can have on the mission that you're working on.

Think about the paycheck protection program, and how much money we pushed out. People focus on the flaws. 

 

You Move Fast Through the Power of Thinking

Maria: Yes, I admit that there could have been things done better, but boy we had to move fast and we did what we could be moving fast. But you see these stories over and over again across the federal government. 

I think we just need to talk more about things. I'll give you another example of the technology modernization fund, with the money that was in there, the Department of Labor took on. Think about the farm workers that come in the summer, seasonal workers, and farm workers that come in and they have to apply for a visa.

Well, that entire process was very manual and very hard to do paper-based, mailing things around.

Well the CIO at the Department of Labor said, "You know what? Enough of this." He got some money through the technology modernization fund and it took working with USDA, because of farm workers. The State Department, of course, because of visas, the Department of Labor, because it's labor, and then USCIS, Citizen and Immigration Services. 

Those four agencies were able to come together and work out that entire visa process for the farm workers where it didn't take more than 30, or 45 days anymore. They could do the entire thing in about a day. This is where the federal government as an enterprise and agencies come together. Interconnection and making something happen for the benefit of the American public.

Think about getting the farm workers in, the seasonal farm workers, and being able to get the crops out for the Americans.

Rachael: Why don't we hear more?

Maria: I know, you just don't hear enough about these stories and it's a lot of goodness.

 

Look For Leverage

Petko: I don't know. I can't help but think you're a great advocate for just what you can do in government service, in public sector service in general. If you just follow the mission and find some cracks on how to leverage it and look for leverage. I think we need more people like you in government.

Maria: You can actually be super creative in government despite some of the bureaucracy. But if you know how to manage that and work around it, you can get some stuff done. Certainly, I proved that you can do something by finding money in the couch cushions and doing something with even 25 or $50,000.

Rachael: Absolutely. I feel a book coming together, Maria, of all this great experience. Anything to share yet or not?

Maria: I never even thought about writing a book, but it's been a fun ride for sure. It's just the federal government. I see the federal government as this big enterprise in this big ecosystem. A system of systems, not just technology but a system of systems. There's so much that can be done to move the needle. We saw how fast the federal government could move with the pandemic.

When the CARES Act hit and others, we got bureaucracy out of the way.

There were projects I was working on that I had planned out for 12 and 18 months. When the pandemic hit I was like, "Ah, nothing like a good crisis." I'm going to take advantage of this because I need to. I am not taking advantage of it intentionally for the purpose to get the money out and be able to respond to the small businesses across the nation. 

 

Getting Bureaucracy Out of the Way

Maria: So I was able to move those plans forward very quickly and very fast. I can't say enough about my team who is just incredible that made all that happen. In the federal government, you can move fast and you can get bureaucracy out of the way. You can do something very quickly. I think that's the beauty of it.

Rachael: That's been great to see.

Petko: I love that you're also taking the time to help small businesses, being on boards, and giving back. Clearly, you've got so much background and history that you can help find as you put, money in the cushions and everything else and help solve problems. I'm curious, what's been the most rewarding part since you left the government?

Maria: Oh, since I left the government. It's just been a few months since I hung out my shingle. But I think a couple of the small businesses that I'm working with, really helping them. Sometimes they're just chasing contracts but thinking through, well what is your strategy? I get that sometimes you can't plan out for two years as a small business, but what are you going to do this year, and what's your message? 

I recently chopped on an executive summary for somebody who's responding to an RFP, request for a proposal. Then I looked at it and said, "What is your message? You cram all your past performance into an executive summary that is not going to be your message." I said, "If I was the CIO reading that, I would just flip to the next page and move on."

 

Working With the Nonprofits

Maria: So providing some realistic grounding feedback. But also, you talk about back working with the nonprofits. I'm working as an election judge. I work the primaries as well as the general election. So trying to give back to my local community but I've never been able to do that because I've been too busy working. I'm in Frederick County in Maryland, they've got a tech Frederick organization and they had the tech games. 

I rounded up some friends of mine, colleagues, and former colleagues, and we put a team together I know they live in Frederick County. And I know that they're very busy going to DC and doing other things. But I pulled them in a little bit to do some Frederick County stuff. So trying to do a little bit of local stuff as well as some of the vet sports, which is just a wonderful organization for veterans in sports.

Rachael: You have this wonderful perspective of different thinking and innovative thought. How do we get more of that into the industry, getting more diverse thinkers into government and some of these key roles? Not only women but just people from different backgrounds and cultures who are maybe coming into technology or security. We had someone on the podcast who was a Ph.D. in medieval, history.

Now he’s doing this great work. There's a lot of goodness there, but how do we get these people to see the opportunity?

Maria: A couple of things. One, the books start with why. Why do we do what we do? I bought that book for my entire staff at one agency I worked at, I bought it for everybody. 

 

[35:50] How the Power of Thinking Gets You on the Leading Edge

Maria: We went through the innovation curve, by the way. I wanted to know where they all sat because I know that I'm on the leading edge and they all thought they were. I'm like, "No, you guys are a little further on the other side." But a little bit off-topic. When people talk about, "I want to go work in IT or I want to work in cybersecurity."

The business of IT and cybersecurity is so wide, you can get somebody. You talked about a professor or their degree in medieval studies, is that what you said?

Rachael: Medieval history, yes.

Maria: I challenge people to think a little bit differently. I know there's been a lot of focus on, "Oh we got to be a coder." I'm a terrible coder because I don't have the patience to sit still that long. There're other things you can do if you like digging in and looking at data or if you're a really good network person. If you're a good network person and you're a really good troubleshooter, part of that is cybersecurity, what's going on?

People really need to think about what they're good at. Not just in terms of, "Well I know about the bits and the bites and I know this, that, and the other thing." 

Great, but do you have the skills or the competencies to really be an analyst, and do the analysis? I talked earlier about the threat hunt teams, which require digging in and looking around and putting puzzles together. Are you a good puzzle person or are you somebody like me who likes to build things? I always said I'm in the construction building business. 

 

Build Something

Maria: You give me a thing and I'm going to build something. I can do that and I can take something that's way behind and build something. And I encourage people who come out of the military, maybe you're a mortar man and you like to blow things up. Well, guess what? 

As part of being a mortar man, you need to know some math and you need to know math skills. You need to know how to target. Think about that and how that applies to a job that's looking for somebody that needs some math skills or some analysis. I encourage people to think a little bit differently about what their skills are because somebody who's a mortar man can say, "Well I can't do cybersecurity."

I would beg to differ that says, if you're coming out of the military, you already know how to build a team. You know how to work in a team because even as an E1, you were put in charge of field day something. You've got all of those soft skills already and then the other 10 or 20% is you're a mortar man. You understand math and you know how to target, well we can use that. 

We know that most of the skills of a job are being part of a team and soft skills, then we can hone your technical skills. There's a lot there in not just saying, "Well I have a degree in network engineering." Great, well what can you do with that? Are you a troubleshooter? Do you build networks? Cybersecurity itself is so wide.

 

Interest in Aptitude

Rachael: It's so much like an interest in aptitude too, really. You can apply skills, you just have to find some interest in them. We were talking to a couple of fellows from SISA and they were talking about their recruitment and it's really interesting in aptitude. If you want to dive in, we'll help give you some of the needed skills to be successful. But you got to want to do it and learning, and being curious is a lot of it.

Maria: There's a young man I'm talking to. I just reviewed his resume and I'm going to be talking to him shortly, he's a drone operator in the army. He's a drone operator and he's very skilled. His video gaming gave him a lot of expertise, but he was deployed to Afghanistan and it's the big drone. He was able to bring one in for a landing that nobody else was able to do without damaging the aircraft. 

He's got his drone wings, but he wants to get into cybersecurity. But I looked at his resume and I was like, "We need to work on this." Because he's coming out of the military with all this experience around drones and how they operate. I'm like, "You want to get into cybersecurity? What area?" I’ll be asking him shortly a whole lot of questions and working on his resume to really revector that a little bit.

Rachael: I love that you brought that up because it's come up here too. We have a government business here and a lot of former militaries. In the military, it's so prescribed day to day. You know what you're doing and you have these things. 

 

People Need a Mentor

Rachael: But when you come out of the military, a lot of folks have expressed, "I'm not sure what's next." How do you apply all these great skills that you got in the military, to your point too, like a cybersecurity career or another career? I love that you're bringing that up because a lot of people need a mentor. They need someone to help them reframe the experience to get them on that next path of the journey. That's wonderful that you're doing that.

Maria: As a retired military, I did 26 years of active duty and reserve. I know what it takes. Every time you get promoted, you go to a leadership class, you get promoted again, you go to a class and you've got all those inherent skills built in. Personally, when I looked at resumes, even somebody who might not have the technical skills, I know that they were in the military. 

I know all that other stuff that they bring to the table and you know what? I'm willing to put my money on that even though they may not be 100% qualified. Maybe they're 25%, but I'm willing to go out on a limb because I know what they bring to the table as a team player and a leader.

Rachael: Exactly. It makes a difference. Petko, you've worked with a lot of folks in that group and the sense of mission too.

Petko: On the business side, you forget about the outcome you focus on, here's what I did. I think it's built in a lot of ways with which outcome. Maria, I'm kind of curious. We can't all ask you for resume help and everything else, but are there any books you mentioned? 

 

Start With Why

Petko: Start With Why, that future CISOs, CIOs, or anyone that just wants to get into IT that's not there today that should be reading or should consider it. I need book recommendations basically.

Maria: As I said, I bought the book Start With Why, I bought a hundred copies of it and gave it to my entire team. I just thought it was that important to really think about why we're going to undergo a huge transformation. Really to put it front and center and not make assumptions. I think Start With Why, and of course, there are a lot of other ones I've read over time,

Good to Great and things like that. There are just so many out there. I will tell you that over the last six months I've been reading for pleasure. Not so much the professional books of late, but as I said, Start With Why is really top of mind for me.

Rachael: Well, what are your fun books if you don't mind me asking? I'm always looking for new books.

Maria: Last year The Wheel of Time came out on Amazon or whenever it came out and I watched it on Amazon. I went, "Wow, this is actually interesting." Then I learned that there's a whole series of books. My normal genre is like Stephen King, I read a lot of that. But I started reading the Wheel Of Time. I’m in book 10 right now, I'm almost at the end of book 10.

This year I took a shift from all my technical reading and I’m reading for pleasure. I’m in book 10 of a Wheel Of Time right now. I got a couple more volumes to go. It’s a whole series.

 

A Good Book Can Boost the Power of Thinking

Rachael: I will have to check that out. It's hard to find a good book these days. I love a really good thriller murder mystery and to do them well is hard. Don't figure it out.

Maria: This series just got me hooked. There's probably all your listeners, half of them are out there going, "How did you never hear of this?"

Rachael: I know that's hilarious. We have P. W. Singer on a couple of weeks ago and I just got his book Burn-in. It's a techno-thriller. I'm really excited to get that started because my private reading is like Dave Grohl's biography and then I go to the techno-thriller. But I love it because it just keeps your brain engaged.

Anything that can be entertaining but also learns a little something, I'm always there for that, thousand percent. 

Thank you, Maria. This has been so much fun and just so insightful for our listeners. It's like this beacon of hope. An opportunity ahead when we think about government and security and what's coming ahead. There is that silver lining and I think it is good. It's very positive and that's what gets me excited in this conversation.

Maria: There are so many opportunities out there, I can't list them all.

Rachael: I can't wait to hear what's next and maybe if there's a book in the future, I would a hundred percent get on the pre-order list to read that. There's so much goodness to share and knowledge sharing is just invaluable to folks as they're looking ahead. To all of our listeners, thanks again for joining us this week. Until next time, be safe.

 

About Our Guest

 

Maria Roat served as the Deputy Federal Chief Information Officer for two years bringing 35+ years of professional experience in information technology.

Ms. Roat served as the Small Business Administration Chief Information Officer from October 2016 – May 2020 where she led SBA’s digital transformation to a more proactive and innovative enterprise services organization responsive to the business technology needs of SBA program offices and small businesses & entrepreneurs across the United States.

Ms. Roat served more than 2 years as the U.S. Department of Transportation's Chief Technology Officer and was responsible for establishing and leading DOT's technical vision and strategic direction, driving innovation and planning for technology growth supporting internal and external facing mission activities.

Ms. Roat served 10 years at the Department of Homeland Security (DHS) joining in June 2004 and serving in a number of capacities including Federal Risk Management and Authorization Program (FedRAMP) Director, FEMA Deputy CIO, Chief of Staff for the DHS CIO, USCIS Chief Information Security Officer and CIO Chief of Staff, and Deputy Director, Technology Development, for TSA’s Secure Flight Program. Prior to joining DHS in 2004,

Ms. Roat was in the private sector for 5 years deploying and managing global enterprise network management systems, as well as running Network and Security Operations Centers.

Ms. Roat is a graduate of the University of Maryland (UMUC), Harvard Business School Executive Education Program for Leadership Development, and the Navy Senior Enlisted Academy.