How Smart Machines and Social Media are Reinventing Customer Care

How Smart Machines and Social Media are Reinventing Customer Care

When CIO Magazine predicted four years ago that machine-learning would one day replace traditional interactive voice response (IVR) in call centers, some scoffed.

No one is scoffing anymore.

Technology has turned the entire call-center universe on its head. Cognitive IVR is just the start. Millennials who grew up texting and chatting online don’t want to talk to a person or a machine on the phone. They want fast, easy answers with a few clicks. So contact centers are gearing up to interact with them where they’re most comfortable – online, using social media, chatbots and virtual assistants.

At least that’s what the most advanced commercial contact centers are doing. Most government contact centers still have a way to go to catch up. Indeed, as commercial firms gain in sophistication, satisfaction with government call centers is slipping. Citizen satisfaction with government contact centers scored just 67 on a 100-point scale in CFI Group’s latest Government Contact Center Satisfaction Index. That’s well behind commercial banking (77), insurance (78) and retail (72).

Virtual aid
Even with Millennials opting out – for now, at least – the telephone remains the most popular means of citizen-initiated contact, accounting for 60 percent of all contacts with government, CFI Group reports. But internet options are rising fast, with computer-driven chatbots and virtual assistants rapidly picking up more and more of the workload as customers seek alternatives to the phone. And increasingly, machines aren’t just providing stock answers – they’re actually helping customers solve problems – often without human intervention.

This is where maturing machine-learning technologies come into play. As automated systems become more adept at interpreting tone and language and faster at coming up with an appropriate response, machines are also able to take on an expanding range of customer concerns. “Machine learning is the enabler to all of that,” said Jeff Beelman, senior director for contact center solutions at General Dynamics Information Technology. “Today, the machine can hear the nuance in how a person asks a question. It can interpret the slang. It can hear the same question asked in a number of different ways and still be able to understand it.”

Modern cloud computing and artificial intelligence work together to advance the state of the art. “I am willing to imagine that within five years, 80 percent of questions coming in via voice and digital channels will be answered by a virtual agent,” Beelman said.

Contact centers have vied for years to weed out as many calls as possible with voice prompts and invitations to go online to answer queries. And it’s helped. But customers also grew frustrated with inevitably complex phone menus and what they perceived as manipulative delay tactics. “The virtual assistant makes a lot of sense when you have a set of questions that are asked over and over again, where the answers are all the same,” said Tonya Beres, contact center manager for USAGova former co-chair of the Government Contact Center Council, a working group of government call center executives. But when things get more complicated, virtual assistants start coming up empty.

“They can’t do as well with questions that are complicated, that are technical, that are just a little off from the usual,” Beres said. A chatbot might help someone get a copy of a birth certificate, “but when [a caller] starts to say that ‘I was born abroad and my parents didn’t file a certificate of my being born,’ then it gets a lot more complicated.”

Social Strategies
Social media already is a part of the customer contact experience – and needs to be – even for agencies that have not hopped on the Facebook train. As CFI Group notes, 63 percent of those who shared their call center experiences with others do so using social media.

Among respondents who heard back from government after posting about an agency on social media, 97 percent said they appreciated the outreach. Those individuals were significantly more satisfied than those who did not hear back after posting – rating their satisfaction at 80 to 100, versus a 63 for those who posted on social media but received no response.

At the National Cancer Institute (NCI), the largest of 27 institutes and centers within the National Institutes of Health (NIH), social media has long been seen as a natural extension of other customer contact activities.

“The contact center’s experience handling public inquiries from other NCI channels (phone and email) transfers beautifully to social media,” says Candace Maynard, senior program manager in NCI’s Cancer Information Service, in a 2014 blog post. “This approach helps NCI maintain consistency and accuracy in its messages across all public-facing channels and leverages the skill of contact center staff when helping the public.”

That’s a critical point, notes Donna Fluss, president of the contact center analyst and consulting firm DMG Consulting LLC. Social media cannot be seen only as a marketing function and must be entrusted to customer care experts. “The vast majority of actionable issues that come over social media are customer service inquiries,” Fluss said. “This can and should be a contact center function. The contact center has the best practices in place to do the things that need to be done when issues come up in social media.”

The customer journey
Cross-channel integration is key to success, demanding that each new channel must be integrated with those that came before it. And tracking what users do as they try to solve a problem is essential to improving those outcomes over time. Insiders call this Customer Journey Analytics (CJA). Broadly defined, CJA covers applications designed to track and correlate customers’ touch points across an organization. “Once you can do that, then you are positioned to figure out where things are going wrong,” Fluss said. “You can figure out where to put your emphasis and energy.”

Customer experience, she said, “is not just about the contact center. It is about every single touch.”

“Whether you call into a call center, whether you email or chat or SMS – however it is you contact that organization – you want them to know who you are, and if you move from channel to channel you want that information to come with you,” Fluss said.

CJA technology helps agencies and businesses make that happen. In Charlotte, N.C., for instance, the combined city/county 3-1-1 call system is linked to customer relationship management (CRM) tools and an extensive knowledge base. Managers use those back-end information systems to drive real-time response. “3-1-1 is more than just a number,” said 3-1-1 Director Janice Quintana. “We need all those tools to be able to work efficiently and deliver great services.”

Those tools include directory assistance for city and county offices, schedules for meetings of City and County government and information about city and county services, and also access to trained specialists in complex issues like taxes and utilities.

Tying multiple systems together is valuable because it creates a clearer picture of a citizen’s interactions. For any service-oriented government agency, “you need to have an omni-channel presence, you need to be able to track where the customer has been so the next time that person touches [one of your systems], you know what they have done before,” Beres said.

But agencies have to be careful they don’t go too far. Privacy must be protected, said Blair Pleasant, president and principal analyst of COMMfusion LLC and a co-founder of ucstrategies.com. “You have to be careful about security and privacy and making sure information isn’t shared where it shouldn’t be,” she said. Agencies benefit when they share, but creating a detailed portrait of a citizen’s interactions with multiple government entities may raise concerns about “big brother.” Similarly, a customer may be pleased the county system recalls resolving last month’s problems with the water bill, but he might not want to be reminded about it when paying annual business taxes.

Getting these things right is critical because it is through contacts with government that citizens determine whether their taxes are well spent and their elected officials are doing what they were elected to do.

“Good customer service legitimizes government,” said Bruce L. Belfiore, senior research executive and CEO at contact center consultancy BenchmarkPortal. “Bad customer service de-legitimizes government. One of the primary functions of the contact center is to make sure the citizen walks away feeling that yes, my taxes are well spent, my government officials are doing their job and are overseeing an entity that is properly run. This is about confidence in government competency and caring.”

Related Articles

GDIT Recruitment 600×300
GM 250×250
GDIT Recruitment 250×250
Vago 250×250
GDIT HCSD SCM 3 250×250 Train Yard
Strategy, Tools and Training: Three Keys to Cyber Defense

Strategy, Tools and Training: Three Keys to Cyber Defense

A piecemeal approach to cybersecurity overly focused on tools, automation and training without an underlying strategy cannot hope to succeed against the constant threats and attacks federal systems face today, information technology leaders say.

Yet most agencies do not have comprehensive cyber strategies in place, according to a Brookings Institution study of federal agency strategic plans. “[T]the focus on cybersecurity is abysmal,” Brookings found. “Half of the federal agency strategic plans make no mention of cybersecurity, and less than one quarter of IT objectives make any mention of efforts to secure IT systems.”

At the Department of Energy, however, a comprehensive cyber strategy has been in place for a year and a half, providing for “a transparent, inclusive, and collaborative governance process” across the agency, said Michael Johnson, the agency’s chief information officer. Speaking at MeriTalk’s Cybersecurity Brainstorm Sept. 13 in Washington, D.C., Johnson said the strategy guides investment decisions and organizational requirements, for “both information sharing – which is enabling the mission – and information safeguarding – which is protection and guarding the mission.”

Energy’s plan covers everything “from the very mundane, standard things like multifactor authentication, all the way through cyber research and development,” he said. The framework includes specific operational details and a big-picture vision, and is used to prioritize and distribute funding where it’s needed most.

“If we get one more dollar, we already know where we need to invest that and where we need to go with that,” said Johnson, whose networks support 120,000 people and 17 national labs. Driven by this strategy, “we can focus broadly as an enterprise on making sure we are advancing where we need to go.”

The Department of Homeland Security has taken a similar approach, developing what Chief Information Security Officer Jeff Eisensmith calls the Cybersecurity Capability Maturity Model as a means of assessing cybersecurity capabilities and prioritizing actions and investments across its networks and the 300,000 accounts they support.

The model helps analyze existing capabilities versus likely threats, enabling the agency to plan spending accordingly, he said. “We can look at what are the gaps we have, what are the capabilities we have, what are the threats coming at us,” he explained. “Then I can look at the very next dollar and where do I need to spend it to cover my exposure.”

The agency is also using the model to demonstrate the effectiveness of investment in order to show return on investment to funding committees in Congress. “That’s a big piece of what we’re pushing this year,” he said.

The Kill Chain Approach
At the Defense Information Systems Agency, cyber strategists have organized their planning efforts by looking at the cyber kill chain, defenses along that kill chain and actual threats, and then highlighting which capabilities proved effective against those known threats.

This model breaks down attacks into stages, beginning with reconnaissance and continuing through delivery and exploitation. The sooner in the kill chain the attack can be disrupted, the less damage an adversary can inflict. The key is to focus on solutions that stop threats as far “to the left,” or earlier in the kill chain, as possible, said DISA Infrastructure Development Executive Jack Wilmer.

Applying this principle to events has yielded practical improvements across both DISA and the Department of Defense, Wilmer said. “As we looked at that cyber kill chain, as we looked at some of the known threats, we were able to come up with, let’s say, five threats that right now we didn’t really have good defenses against,” Wilmer said.

The approach has also helped the agency identify duplication of effort. “You may have originally bought two tools to counter two different threats,” he said. But over time, those products evolve. “Generally both of those tools are adding in other features all the time, and a lot of times you will end up with two tools that really do similar things,” Wilmer said.

“There is never quite enough money to cover everything we would love to do, so that is why we do focus on anywhere we find duplication, to be able to shut some of those capabilities down and reinvest in some of those more important gaps,” he said.

At DHS, Eisensmith calls the kill chain analysis “really once of the best metrics you have,” citing its ability to describe an attack in fine detail.

“What is the sophistication of the adversary and how well are they doing as they come at you?” he said. Using kill chain analysis, “you can begin to get metrics that say ‘I have a vulnerability that is systemic in the following links,’ and then you chase that down to what is the cause. That’s when you can say either the product I have is not doing a good job, or I need training, or some other investment has to occur.”

Both DHS and the Defense Department use score cards to measure security and effectiveness, focusing on metrics to demonstrate performance. “If you don’t do well on that scorecard, it’s a guaranteed trip before Congress where you’re going to have to explain why you’re not doing so well,” Eisensmith said.

The new tools
Among government information security managers, investment in training is seen as a top priority, noted Stan Tyliszczak, chief engineer with General Dynamics Information Technology. Citing a new MeriTalk study, Tyliszczak noted that “across the board, pretty much everybody believes one of the biggest bangs for the buck in cyber investment is training.”

Indeed, the study found that respondents believed 43% of security breaches could have been prevented with better training. And 57 percent cited training as the most important investment their agency could make in protecting information networks.

Wilmer outlined DISA training initiatives supporting the entire Defense Department. Among the newest initiatives, he said, is a daily cyber security question posed to users when they log in. The system keeps score and, if users answer too many questions incorrectly, they are directed to mandatory training. The agency also sends its own simulated phishing emails, forcing anyone who clicks on the fake links to submit to mandatory training before they can log on to their own computers at work.

At Energy, Johnson said, cyber operators are given intense two- to three-day training and then take part in exercises “in a game like environment,” to test those skills. “We require people to basically solve puzzles and compete against each other,” he said.

Just as important – or possibly more so – is a new executive and management level cyber training program Energy began rolling out this year. “One of the major limitations we found is that you can train your workforce and you can train your operators on common toolstack, but what often gets lost is your business owners understanding what cyber is, why it impacts their mission, why they should be investing in cyber,” Johnson said of what he calls “the Cyber 201 level” of training. “What’s a SQL injection attack? Why should you care? That’s been highly effective, as well.”

Asked by Tysliszczak to describe the weak point in cyber training, Eisensmith said it was people. “The most dangerous part of any environment is the wet ware,” he said. “We all know what firmware and hardware is, right? The wet ware is the human beings sitting in front of a terminal.” Increasingly sophisticated spear-phishing training is one response, as is the use of sandbox technologies that protect against inadvertent launches of malware by employees. Combining education with those technologies helps increase awareness among employees, he said.

“It’s no longer a good bet to think that our users will not be fooled by a really well crafted spearfishing attack,” Eisensmith said. Planners must assume users will be fooled and build in protections that will guard against mistakes. “We have to put some underlying technical solutions in the environment,” he said. IT needs to take a closer look at sandboxing, hypervisors and similar technologies that can defend systems automatically. When users make poor choices, “you have to have a mechanism down there to catch it.”

Automated tools should, in turn, generate insights that help improve systems over time, so that systems can defend and heal themselves. “We have to change the paradigm,” he said.

Darlene Renee Tarun, deputy director of the National Security Agency’s Cyber Task Force, speaking in a separate panel, agreed. “IT leaders here are responding to the growing realization that humans will always be the weak link in the security chain. No matter how well trained, “the known, trusted inside users sometimes do things accidentally that essentially open us up to vulnerably,” said Tarun said. “That is going to be a big area of research: How we solve that human frailty problem.”

As automation and tools evolve, procurement delays can get in the way of rapid adoptions. Bad actors devise new attacks and schemes faster than the government can acquire tools to stop them.

Wilmer said this remains “one of the most challenging things” planners face. “It is very easy to bring something into a lab, test it out, kick the tires,” he said. “But then we start on a potential multi-year procurement process for something that is a need right now.”

Eisensmith sees the government’s Continuous Diagnostics and Mitigation (CDM) Program as part of the solution. Cyber tools approved under CDM are readily available to agencies and can be acquired under a Blanket Purchase Agreement (BPA). There’s no need to go through a lengthy procurement process. Updates to those tools and systems can also be easily acquired. “So my security workforce is actually doing security,” Eisensmith said. “And not doing procurement.”

Related Articles

GDIT Recruitment 600×300
GM 250×250
GDIT Recruitment 250×250
Vago 250×250
GDIT HCSD SCM 3 250×250 Train Yard
NICE Rewrites the Rules for Cyber Certs at DHS

NICE Rewrites the Rules for Cyber Certs at DHS

The U.S. Department of Homeland Security is planning to play “nice” in its efforts to build up its cybersecurity workforce.

As it strives to fill thousands of potential cybersecurity jobs, the Department will need workers from a range of disciplines. In order to classify and codify all those skill sets and align them with real jobs, DHS is relying on the new NICE standards – the National Initiative for Cybersecurity Education – developed by the National Institute of Standards and Technology (NIST).

That means more focus on skills and less on certifications.

As a government-wide workforce framework, NICE “helps us to implement best practices, to identify, find and recruit the really good people,” said Phyllis Schneck, deputy undersecretary of the Department of Homeland Security.

NICE breaks down security into seven categories of effort: Security provision, operate and maintain, protect and defend, analyze, operate and collect, oversight, develop and investigate. DHS will likely be dipping into all these areas as it casts a wide net over the pool of cyber talent, seeking professionals in areas including:

  • Cyber Incident Response
  • Cyber Risk and Strategic Analysis
  • Vulnerability Detection and Assessment
  • Intelligence and Investigation
  • Networks and Systems Engineering
  • Digital Forensics and Forensics Analysis
  • Software Assurance

NICE is proving helpful when it comes to recruiting junior talent, Schneck said. “When young students are coming out of college we can make sure we tailor what we are asking for to fit those categories,” she said. “If you are just graduating college and you hear the government has a structured program that identifies the skills they want, it makes it feel like a much more sure bet.”

The detailed roles, skill sets and requirements “become something that we can advertise,” Schneck said.

NICE is also having an impact on certifications, the industry credentials now used across government to categorize talent and skill sets in the cyber arena.

Cyber certifications are in high demand: The most recent report from Burning Glass founds that 35 percent of cybersecurity jobs call for an industry certification, compared to 23 percent of IT jobs overall. But many cyber professionals voice concerns about the difference between the study-to-the-test nature of the exams and the practical on-the-job knowledge required in the real world.

“Certifications aren’t enough – they can show basic ability to pass a book test, but they really don’t demonstrate how well someone can work in the real-world, under the pressure of cyber incidents happening in real time,” said Stan Tyliszczak, chief engineer at General Dynamics Information Technology. “For that level of expertise, you really need people who are experienced – who understand the big picture, who have been there, done that, earned the T-shirt. It’s more than just understanding the technology and terminology.”

Defense Department Directive 8140, Cyberspace Workforce Management, issued in August 2015 sets the stage for replacing its certification-based workforce program with skill-based assessments rooted in NICE, and that is driving change in the rest of the market.

Some certifying organizations are starting to develop new “performance-based” certifications tjat are more in line with the NICE standard. ISACA recently unveiled its Cyber Security Nexus Practitioner (CSXP) certification, which tests a candidate’s skills in a live, virtual cyber-lab, and CompTIA’s A+, Network+, Security+ and CompTIA Advanced Security Practitioner (CASP) certifications also includes performance-based assessments.

Both ISACA and CompTIA are building their new hands-on programs around the NICE standards and definitions, hoping to remain relevant as the marketplace changes.

NICE doesn’t undo the call for certifications. But with its emphasis on functional roles, it helps to better align candidates’ skills with specific job functions.

The NICE framework also keeps DHS in line with the Federal Cybersecurity Workforce Assessment Act. Passed in January, this law requires all federal agencies to develop a cyber workforce assessment program based on NICE.

Even as NICE helps to draw in entry-level professionals, DHS also is looking to hire cyber experts with more specific skills. Schneck pointed to a long-term recruiting emphasis in the space where cyber skills intersect with electrical grids, water systems, pipelines and other elements of national infrastructure, as well as in the policy-making arena.

“We need [people] who can very quickly understand how a certain cyber event might affect these infrastructure situations,” she said. “We need people who understand how computers can make water flow, people who understand the impact of computers on industrial control systems.”

DHS also needs people who can translate that expertise into policy. “When it comes to the broader vision, I need us to really understand how to bring things into the policy shop,” experienced cyber pros who can help the organization see “how we can be more resilient, to understand the economic impact, to understand the political impact of an event,” Schneck said. “It takes a certain skill set to not only understand what is happening, but to be able to translate that.”

At the same time, DHS also needs skilled worker-level practitioners. The agency already has a skilled cyber force, but building and sustaining that skill level is a constant challenge.

“Our malware ninjas are second to none,” she said. “They understand intrusions, they understand how to respond, and those are very specialized skills. Those are experts and I would put those teams up against any adversary and they would win.”

Taking the long view, Schneck raises the novel suggestion that the best way for DHS to meet its cyber needs is to make sure cyber professionals know they are free to leave whenever they want.

Government has a tradition of hanging onto its people for the long haul, but that isn’t the way things have to be, particularly in technology fields. Today, the average worker can expect to swap positions 12 times in a career, according to the Bureau of Labor Statistics. The average IT professional works just three years in any given position, according to the Society of Human Resources Management (SHRM), two years less than the overall average nationally. That’s the shortest of any single industry, SHRM reported a year ago.

“What I am seeing is a lot of people coming into government and wanting to go back and forth to the private world,” Schneck said.

DHS shouldn’t fight that, but work with it, she said. “This group likes to make a high impact, quickly. The way to get the best minds into both the government and private sector is for us to say: Make the best impact you can at the right time, and do tours of duty in both places.”

The result is a payoff for both industry and the government, Schneck said: “If they want to go back to private sector…they will bring those skills back there to our companies, to make them strong, to help them innovate.”

Related Articles

GDIT Recruitment 600×300
GM 250×250
GDIT Recruitment 250×250
Vago 250×250
GDIT HCSD SCM 3 250×250 Train Yard
Marines Work to Join Enterprise Network to JIE

Marines Work to Join Enterprise Network to JIE

The Marine Corps expeditionary mission set continues to challenge efforts to join the Corps with the Department of Defense’s Joint Information Environment (JIE).

Kenneth W. BibleThe Corps must strike a balance between the needs of Marines operating at the tactical edge and other JIE users, who typically have better connectivity, said Kenneth W. Bible, Deputy Director, Marine C4 (Command, Control, Communications, Computers) in an interview with GovTechWorks. To thread that needle, the service moves simultaneously on several fronts:

  • Joining with the Defense Department (DoD) and its sister services to define the JIE Concept of Operations
  • Ensuring that JIE’s Joint Regional Security Stack (JRSS) infrastructure – gateways between defense networks and the greater internet – won’t slow network traffic, potentially putting Marines’ lives at risk
  • Consolidating network resources among the Corps’ functional components

Taken together, Bible said, these efforts aim to overcome the Corps’ “unique networking challenges” and enable it to fulfill the spirit of JIE. The Marines have been the most cautious among the services in moving to enable JIE and the Joint Regional Security Stacks (JRSS) that will act as gateways between the internet and the Defense Department’s internal networks. Marine Corps Chief Information Officer (CIO) Brig. Gen. Dennis Crall and Bible have each voiced concerns about the strategy and planning for JIE and JRSS, and a new General Accountability Office (GAO) report criticizes the Pentagon’s management of the project.

Approaching JRSS
As the gateway to the military’s network infrastructure, JRSS incorporates firewall, intrusion detection and prevention, enterprise management, virtual routing and forwarding (VRF) and other network security functions. Marine Corps leaders were initially ambivalent about JRSS, concerned that the infrastructure might not support the needs of deployed units. More recently, however, Crall has said the issue is “when, not if” the Corps would get fully on board.

Bible said his main concern is that the processing that goes on inside the JRSS could slow the delivery of networked services to a Marine Corps force that relies on speed and agility as its fighting tools. “Present policy indicates that all of our connections, even our tactical processing nodes, need to go through a JRSS,” Bible said.

There’s the rub. Tactical processing must be instantaneous to be effective. “We can’t have an environment that takes days or weeks to respond to changes,” Bible said.

Marine Corps IT leaders are working with the Defense Information Systems Agency to ensure Marines will have the direct access they need to keep things moving within the JRSS, but Bible indicated the essential nature of the JRSS still gives Marines pause.

“The challenge in the JRSS is that I have one stack being shared by multiple servers. We have co-tenancy, and the construction of being able to partition out and configure these VPNs across that stack simultaneously, without causing undesirable effects on your neighbor – that is the real trick,” he said.

Air Force Col. Scott Jackson, chief of the Joint Information Environment Solutions Division within the Defense Information Systems Agency said in April noted that each of the services will be able to define their own security processes and controls for JRSS. DISA says the next iteration of JRSS will meet baseline requirements established by the Navy and the Marine Corps.

Bible said it is still too soon to know to what degree JRSS might insert latency or packet loss to Marine Corps networks. The other services typically deploy with a lot more hardware than the stripped-down Marines do. “I don’t have a five-thousand mile Ethernet cable to connect to a ship,” Bilble said. Without hardwiring, the likelihood of network holdups increases. “No testing has been done” yet, Bible said. “We are still looking at it.”

Part of the issue is defining expectations and understanding how the networks are to be used. The services are still hammering out the detailed Concept of Operations, or CONOPS, for JIE. “We are at a critical juncture with the CONOPS” in relation to co-tenancy provisions, Bible said. “We are closely involved in looking at that and in formulating what we need those CONOPS to contain.”

As director of Marine Corps C4, Bible is a voting member of the JIE executive committee and his staff participates in JIE working groups to help align DoD plans with Marine Corps mission requirements. Embedded Marine Corps technical experts participate in efforts surrounding technical synchronization, governance, operations and other areas.

At the same time, the service is exploring whether changes to its own processes could help the Marine Corps Enterprise Network (MCEN) mesh more seamlessly with JIE. For example, Bible pointed to the Marine Corps Enterprise Information Technology Services (MCEITS) program in Kansas City, an “application modernization” effort supporting the Marine Air-Ground Task Force Command and Control (MAGTF C2) Framework and the Marine Corps’ C2 System of Systems.

MCEITS is “starting to pay off,” Bible said. The program provides a framework for integrating common functional requirements, ensuring that end-user devices, sensors, applications and appliances can successfully connect to the MCEN. By employing more cloud-native software design methodologies, Bible said, it may be possible to overcome system latencies caused by JRSS.

Working out those details now has important implications, said David Gagliano, chief technology officer in General Dynamics Information Technology’s Global Solutions Division. First, the Corps gains needed cost savings and efficiencies by leveraging shared services such as JRSS, and second because solving these problems now will improve interoperability and further leverage anticipated enhancements to the Navy’s Next Generation Enterprise Network (NGEN).

Making changes
Even before those details are resolved, Marine Corps IT leaders have begun adapting MCEN to meet JIE requirements. The service moved over a year ago to upgrade to a multiprotocol-capable label switch architecture, as mandated under JIE, and in May ordered logistics, finance, base support and data centers to begin migrating to regional Installation Processing Nodes (IPNs).

The move will cut an inventory of 60 data centers down to “single digits,” Bible said, and will significantly consolidate servers. Centralizing servers “increases the visibility we have to the network,” he explained. “We are able to go provide a more consistent environment for applications to live in and also potentially be able to leverage some DoD centers to avoid having to add capacity at inopportune times.”

In some cases, those data centers may belong to the other services. To that end, “we are looking very closely at how we can leverage other services’ data centers in some cases, while we either modernize an Installation Processing Node or – in at least a couple of cases — considering whether we need to have an Installation Processing Node on a particular base at all, if we can leverage another service’s data center,” he said.

With no fixed timeline, “we are working as fast as we can to make those migrations,” he added.

In a further effort to align its present networking policies with those of JIE, the Corps is also taking a hard look at Bring Your Own Device, or BYOD. “We think this is an excellent candidate for the future JIE environment,” Bible said. To that end, the service is moving forward on a pilot project which will use drive certificates as a means to create secure software containers on some 250 test mobile devices by the end of the fiscal year.

Even as the Marine Corps moves to bring together its own networking needs and the JIE vision, Bible said, the service faces a formidable challenge.

“The Marine Corps is spending a lot of effort to get back to it its expeditionary roots,” he said. “The hardest piece to align will be that furthest-out, distributed Marine working off a ship. Any time I don’t have access to a land-based connection, there is a challenge. We are trying to make sure we don’t lose sight of that tactically deployed Marine.”

Despite the hurdles, Marine Corps leadership expresses optimism at the prospect of a more uniform computing environment, which JIE could help to forge between all the military branches. “Warfighters must be able to join the fight immediately, integrating with naval forces, extending and projecting force on shore,” Crall told the Navy IT publication CHIPs. “JIE compliance will help us do that.”

Related Articles

GDIT Recruitment 600×300
GM 250×250
GDIT Recruitment 250×250
Vago 250×250
GDIT HCSD SCM 3 250×250 Train Yard
DHS Tests On-the-Spot Hiring for Cyber Ninjas

DHS Tests On-the-Spot Hiring for Cyber Ninjas

The Department of Homeland Security is rolling out on-the-spot hiring and adopting other time-saving moves to cut the time it takes to identify and bring on board skilled cyber talent.

Phyllis Schneck, DHSIn an exclusive interview with GovTechWorks, Phyllis Schneck, DHS’s deputy undersecretary for cybersecurity and communications for the National Protection and Programs Directorate (NPPD), said she aims to slash the six- to nine-month federal hiring process as she tries to fill “thousands” of cybersecurity jobs across the agency.

Cyber talent is in short supply in both the public and private sectors. The number of private-sector vacancies stood at 209,000 in March 2015, according to the most recent numbers available, from a Stanford University research project. And 60 percent of U.S. government IT leaders reported in 2015 they do not have enough cybersecurity personnel to meet the mission, according to (ISC)2’s 2015 Global Information Security Workforce Study. The 2016 study is under way now.

Schneck’s strategy leverages legislation passed two years ago promising to “improve DHS’s cybersecurity capabilities by streamlining the hiring process for recruiting and retaining qualified cyber professionals.”

Back then, Schneck was chief technology officer for global public sector at McAfee, Inc. Now it’s her job to bring a private-sector sensibility to the job and bring more cyber talent into the government more quickly.

“This is not yesterday’s government. DHS is taking a very modern look at hiring,” Schneck said. For evidence she points to an upcoming hiring fair July 27-28 at the Omni Shoreham in Washington, D.C., where the department will be making on-the-spot job offers for the first time ever.

The offers will be provisional – pending security clearance and background checks – but the process should cut down recruiting time substantially. That’s still a long time – the typical security clearance took 116 days from start to finish in the first quarter of the fiscal year, according to the latest quarterly update on Performance.Gov.

“We are doing everything we can to look at the process, to shorten the time it takes,” Schneck said. “We want to change that experience from the time you meet us to the time you get here, to change the process so it is really streamlined.”

The hiring fairs are one step, but there are others. DHS doesn’t control the security clearance process, which is controlled by other agencies. But it can control its own internal processes. Within DHS, Schneck said, an application should “travel less,” hitting fewer desks as it makes the rounds of needed approvals. In the past, an entire stack of applications could be delayed due to a problem with just one of the documents; now, Schneck said, hiring managers are advised to pull out the problem applications and let others continue; once issues are resolved, the application in question can move on, as well.

Schneck said hiring times are already speeding up, but said it’s too soon to quantify results.

Opening Eyes
Across the IT spectrum, the hardest people to locate and hire are experienced cyber professionals with high-level certifications. Cyber is still a comparatively new discipline, demand for these skilled professionals is high in both the commercial and public sector and commercial salaries can exceed government maximums.

“The spectrum of skill sets we need is very, very wide,” she said. Forensics, data mining, systems engineering, incident response: All the main cyber roles show vacancies. The problem lies less in the realm of specific skills shortages, and more in the arena of public relations, she said. Public service doesn’t sell itself well.

“The hardest part has been attracting them to government,” she said. “I know we have a great mission, but I don’t think we always do a good enough job of expressing the excitement around it.”

Information security vacancies are everywhere, ranging from hundreds of open jobs for network security specialists at Cisco to fewer than 20 at Amazon Web Services. For DHS, the Defense Department and government contractors, the challenge is made more complex by the additional burden of security clearances. General Dynamics Information Technology, for example, lists hundreds of vacancies today, almost all of which require a clearance.

Waiting for a clearance takes time, but it shouldn’t be seen as a roadblock to the excitement, challenges and opportunities of working in the public sector. Even though she held a security clearance while in the corporate world, Schneck said it was only after coming on board at DHS that she fully realized “how much people in government do and how hard they work,” she said.

She recalled an early visit to an undisclosed DHS cyber facility. “It was eye opening. There is a whole world of people who are working 24/7 on some very difficult and important items that would sharpen anyone’s skill set,” she said. “But you don’t know everything until you are inside. You never really see the guts of how this work is being done to ensure the population is not harmed.”

Now DHS is trying to shine a light on that excitement through public job fairs and other means to attract talented people to a critical national mission. DHS leaders are raising their public profile, spending more time at industry gatherings and investing in future and emerging cyber professionals:

  • The Cybersecurity Internship Program gives current students the chance to work alongside DHS cyber leaders on real-world projects involving identification and analysis of malicious code, forensics analysis, incident handling, intrusion detection and prevention, and software assurance.
  • Students in the Secretary’s Honors Program Cyber Student Volunteer Initiative learn about the DHS cybersecurity mission, complete hands-on cybersecurity work and build technical experience
  • DHS also partners with the National Science Foundation on the CyberCorps: Scholarship for Service program, which offers scholarships to outstanding undergraduate, graduate, and doctoral students in exchange for government service to a federal agency.
  • For more seasoned professionals, the Loaned Executive Program brings in industry leaders to share their expertise and get a taste of the DHS mission during short-term stints.

Those student-oriented programs may be especially valuable at a time when many young people are shying away from public service. “The greatest challenge for federal agencies is recruiting and retaining younger employees, those who represent the foundation of the workforce in the years ahead,” according to Improving the Employee Experience, a report from the Partnership for Public Service.

All these efforts ultimately help boost the department’s visibility. “The more people know what we do, the more the ones with those very wide skill sets are likely to approach us,” Schneck said.

Related Articles

GDIT Recruitment 600×300
GM 250×250
GDIT Recruitment 250×250
Vago 250×250
GDIT HCSD SCM 3 250×250 Train Yard