When Shawn Kingsberry became the Chief Technology Officer of the Recovery Accountability and Transparency Board in 2009, it had a blank slate – just a few good ideas and the urgency to create a terrific website.
So Kingsberry rolled up his sleeves and led the effort to create Recovery.gov, a site with bullet-proof security that attracted nearly one million visitors a month at its peak. It has become a model for disclosure and open government.
Now, as government agencies work to save money, consolidate efforts and move toward cloud computing, Kingsberry stands as a shining example for those seeking to build or modernize cost-saving websites with extra safeguards to prevent security breaches.
“We have hundreds of people attempting to hack us daily but they are not getting in,” Kingsberry told Breaking Gov. “This is another time like Y2K. This is absolutely the best time to be in IT working for the federal government.”
Kingsberry, 41, was named the board’s Chief Information Officer in March. He was also named a Federal 100 winner this year for providing “vision and leadership in developing and deploying all the IT used” by the Recovery Accountability and Transparency Board. He received accolades in 2010 from former Federal CIO Vivek Kundra for leading the migration of Recovery.gov to the Amazon AWS Cloud, becoming the first federal-wide system to move to the cloud.
“Shawn is definitely a natural innovator. We’re not done seeing Shawn make a difference.” – Grant Dekker
Working on an $18 million contract awarded to integrator Smartronix, Recovery.gov’s IT team built the physical infrastructure offsite in the Amazon Cloud and rolled it over into the physical structure when it was built and ready for launch. It was built with myriad security firewalls.
“Smartronix is extremely focused on cyber security and that extends to our cloud security offerings,” stated Robert Groat, CTO of Smartronix. “We have not had a security breach or any data exfiltration with Recovery.gov or any of our cloud solutions. We believe this is due to our extensive defense in depth approach to security which includes perimeter defense, threat filtering, data protection, and a least-privilege security model. Location of the data, whether it’s in a government-owned data center or a public cloud provider such as AWS, is not as important as the controls that need to be in place to protect it.”
Several of the controls are specific to the cloud and require a deeper understanding of how applications can be designed to take advantage of the cloud’s unique characteristics, he added, which can provide a higher level of security assurance.
Grant Dekker, the former CTO at the U.S. Forest Service and Kingsberry’s boss at the agency where he held a variety of technology jobs, isn’t surprised by Kingsberry’s success as a federal worker.
“Shawn is definitely a natural innovator,” he said. “He has never been afraid to think outside of the box. He realizes that. He understands there are exceptions to rule. Don’t say something is impossible. Sometimes you have to redefine it. … We’re not done seeing Shawn make a difference.”
Other federal agencies have followed Recovery.gov practices in a variety of ways, including:
- The Treasury Department is using the framework of Recovery.gov to modernize its suite of websites and moving it to the Amazon cloud.
- The Department of Agriculture (USDA) moving its entire mail and collaboration structure to the Microsoft cloud.
- USDA, the General Services Administration and the Agency for International Development are moving to the Google cloud.
Kingsberry, with more than 18 years of IT experience in the federal government, offers the following tips for agencies to get going and succeed in this ever-changing world:
- Understand your problem. A big mistake that federal agencies make is that they will quickly jump to technological solutions without understanding the problem they want to solve.
- Conduct an impact analysis. What network are you on? What information is on it?
- Don’t limit yourself to your existing staff. A lot of people running systems today have done so for years. Partner your people with an integrator and hold the integrator accountable to make sure you get the right business outcome.
- Understand your security requirements. Don’t just think the way you have the system classified today is the way your system should be protected.
- Look for federal contracting vehicles to make the right cost-saving moves. See what other agencies are doing so you don’t duplicate efforts and can piggyback on other pre-competed vehicles.