Shortly after the US went into COVID19 Quarantine Dave McDonald, Navy Telecommunications, Information Technology and Cyber Operations joined us to discuss what we have learned from the COVID19 crisis and how it will better prepare us for future crisis. 8 months later we touch base.

Episode Table of Contents

• [00:00] The COVID19 Crisis
• [00:00] A Massive Multi-Million-Person Enterprise
• [00:00] A COVID19 Crisis Game-Changer and Force Multiplier
• [00:00] The Ride of a Lifetime
• About Our Guest

The COVID19 Crisis

Carolyn: Today we're picking up mid-conversation where we left off with Dave McDonald from the U.S. Navy. We ended the last episode with a question from me about the future of Bring your own device, this episode begins with his response.

Dave: The rhetoric or I'll call it the aspirational capabilities and requirements targets that you hear from our senior leadership. From folks like Mr. Dana Deasy and from Mr. Aaron Weiss up at the DoN. That we will not turn the clock back in terms of capability. There are some folks working really hard right now trying to try to design that. Trying to figure out how we're going to govern it.

Dave: Trying to make sure that the programs and budgets are there to deploy the right technologies on time. The endpoints are going to be tricky. This takes us is to a CYOD, where I will give up my personally-owned $350 HP laptop here. The Navy will issue me some governed device that is mine to take where I want.

Dave: Connect to WiFi where I want. It won't be a classic VPN. I think it's going to have to be a much more agile approach to a VPN approach. We've got laptops now on NMCI with VPNs. There's a whole bunch of things that don't work on them. I think all the services have their example of that.

Eric: But that is aligned with where the industry is going. I would even say, handing out a laptop. I've been in commercial industry since I left the Army, '96 probably, '95, and I've always had a laptop. I have always had a company phone or access to a phone, it's just something you get issued.

The Cost of Occasionally Recurring Technology

Eric: Almost like when I was in the Army. I got a K-POD, I got a rifle, I got all my gear. You’d think that would not be a stretch. That would be easier to secure in some ways than the laptop or computer that everybody's using at home. Or even assuming people are going to have a home system. I understand mobile devices, phones, maybe limit the accessibility to something like that. But you would think that we'll be able to figure it out.

Dave: There's the ever-present issue of cost. I always say scale is its own innovation problem, and scale is most certainly its own cost problem. The cost of the occasionally recurring technology refresh for more than a million endpoints just for the Department of the Navy of some form or another, in addition to office equipment and mobile sort of CYOD type equipment, some reasonable refresh rate factored into your program.

Dave: Then the operations and sustainment, license costs, support costs, patching, having them integrated into some type of zero-trust governance environment. It’s where they're reasonably monitored with SoC-type sensors and analytics. That, as they say, "bring money". There's a whole enterprise sustainment cost that goes with that.

Dave: Those are the kind of hard trades that have to get made. Just because we can declare something feasible doesn't mean we can afford to do it. The real challenging time's ahead. I guess I'd put it this way: in some ways, it's kind of a good problem to have. Years ago, before the pandemic hit, for the better part of 10 or 15 years, I mean. Some of my professional history includes some experience with collaborative tools.

A Full-Featured IP Collaboration Services Culture

Dave: Back in the '90s, like 1996, I was on a project team working for NSA and the NRO. I worked with a few others figuring out how to bring nascent collaboration capabilities into intelligence community networks. That was before Facebook, LinkedIn, Twitter, Instagram and so forth.

Eric: Those were the days of AOL and CompuServ.

Dave: Exactly. I've been a sort of impatient saying, "If we could do that back in 1996, why is it taking us so long to get to a full-featured IP collaboration services culture? Why did it take till 2020?" Well, I'll tell you why: it took a global pandemic. So this is kind of a good problem to have. It's going to accelerate a necessary change for us.

Dave: We'll innovate our way through the governance, the design, the cost and the deployment and sustainment. We will figure that out. We're the world's greatest defense department, world's greatest intelligence community. Clouds have a silver lining. One of the silver linings of the global pandemic for us is we can get on with the future.

Carolyn: In April, you talked about some of the programs you’re hoping would accelerate, like JEDI, to help these problems. Have any of those programs accelerated, come to fruition, helped you out with this very problem? Or am I not allowed to ask that?

Dave: My lawyers advise me to keep quiet on JEDI. It's still in "JEDI Land." I'll put it this way, the Honorable Dana Easy is cautious about talking about JEDI. The field rat Dave McDonald is going to be really cautious talking about JEDI. But we're all looking forward to JEDI and things like it. Ubiquitous, pre-provisioned, adaptable, agile sort of capability space. That's huge for our future.

A Massive Multi-Million-Person Enterprise

Eric: I think this is a difference, though. You're in this massive, multi-million-person enterprise, 5 million, give or take, across the DoD. Things don't move quickly. You're trying to procure cloud services. They will accelerate, but we've got the acquisition problems. We've got the, who picks which technology? How do we inter-operate technology-wise?

Eric: If I needed to spin up Amazon for my team, I would just get it done. We'd use a ProCard and get it done, put a PO through. It'd take a couple of weeks, maybe, which I get frustrated with. I don't want to pick on JEDI or even spend time there.

Eric: But it's almost a monument, a placeholder. It’s a representative sample, of how long it takes us to bring technologies online in the DOD. We've got to change that. It's just too long. It doesn't allow you, the operator, to do what you need to do. My opinion, not yours.

Dave: Let me offer you another angle to look at this from. I've lost track of how many articles, blogs, LinkedIn posts of people who opine that DoD acquisition is broken. It’s just broken, broken, broken and we need to get faster. We need to get ourselves out of the Valley of Death, we need agile-fast acquisition. How come OTA, Other Transaction Authority, is still not fast enough.

Dave: There's a counterpoint to this that is really important to keep track on. It's as simple as that great American idea of competition. That really strong foundational, deeply-rooted, historically-proven idea of competition. And weaved into competition is fairness and agility, and there are aspects of speed that can take place. There is innovation, there is kind of the marketplace of ideas.

The Speed and Velocity to Handle the COVID19 Crisis

Dave: There's a participative economy, just these rooted ideas in American competition. I've heard people talk about the monolithic unitary R&D in governance model of the Chinese. Well, China is a tyrannical, repressive, autocratic, Marxist, anti-competitive society at their very heart, at their very root. We don't want that.

Dave: We want just the opposite of that. So, what's the trade-off for a robust, competitive American economy, competitive American?

Eric: Well, in this case, it's speed. It's velocity.

Dave: It's velocity. I'll double-down on the idea that defense acquisition is not broken. It's got some characteristics and attributes kind of weaved into it by its very nature of being competitive and fair. Even deliberative when it comes to getting to the right answer.

Dave: I sort of jump in with the acquisition reform conversation, the advocates for acquisition reform. There are certain kinds of acquisitions and research and development that you don't have to take 20 systems engineers, put them in a tank for 12 months and sort of overcook requirements using sort of a model-based systems engineering kind of construct or an architecture construct.

Dave: That's really wasteful and expensive and time-consuming. Also, some parts of industry look upon that and say, "What are you guys doing?" For the last 10 years, we've had mature commercial technologies that you could pull off the shelf. That would meet more than 80% of your postulated requirements. Then we could iterate our way to the other 10 or 20%.

Dave: Over-cooking requirements is not what I'm talking about. We need to get over that bad habit. Keep robust processes in place for competition and for inclusivity. A participative defense industrial economy, to me, that's immutable stuff. You got to hang on to that at all costs.

What’s the Future of Zero-Trust Wireless

Eric: We're in agreement. I just want it faster.

Carolyn: Have we proven that we can do that in the last eight months? Haven't we done some of that?

Dave: Yes. I'll give you an example, and this is something I'm very much involved in out here in the Pacific. Look at the Defense Department's research and development and investment path for 5G NextG. It's a great topic, you could have a whole session on 5G NextG. What's the future of zero-trust wireless? The whole dialogue happening at the national level about private versus public wireless network infrastructures, and so forth. I'm involved in some of that out here.

Dave: We initiated the Hawaii, the joint base Pearl Harbor-Hickam 5G portfolio. We're underway with OSDRNE to get that going. You watch how that unfolds. It's being undertaken through a series of OTAs, both the National Spectrum Consortium. We're using the Navy's IWRP, the Information Warfare rapid prototyping program. You're going to see a very competitive, very participative process unfold.

Dave: Across probably a couple billion dollars of investment over a 5 to 10-year window. This is to accelerate exploration and adoption of secure wireless technologies hugely important for fixed infrastructure on our bases and stations. In overseas sites, the ability to rapidly deploy and package up those kinds of capabilities for forwarding operating bases. For maneuvering platforms like aircraft carriers, what have you.

Dave: Integration of those kinds of capabilities with space is hugely important. You've been reading the articles about Joint All-Domain Command and Control. There's a Nexus with 5G NextG there that's really critical. Coming back to the original point of conversation. What you're already seeing with the 5G participation by industry is it's a hugely interesting dynamic, lucrative.

The Big Players in Telecommunications and Wireless

Dave: It’s really open-ended competitive environment for anybody that's got something to bring to the table there. Whether it's a niche capability or the overarching sort of mobile network operator type of the big AT&T, Verizon, T-Mobile. The big players in telecommunications and wireless. Everybody's going to have the chance to play in something as interesting, diverse, and integrated as 5G NextG. It’s the future of secure wireless.

Dave: So, that's an example. Through OTAs and R&D money, there are all kinds of things you can do pretty fast. You don't have to get stuck in the RMF seven-step death march, you can hit the "easy button" on some things. The question is, I said a few minutes ago, scale is its own innovation problem. How do you assure yourself in those experimental portfolios that each one doesn't slide quietly into the Valley of Death? How do you sort of stimulate the process?

Dave: So when you really nail it, when you really have it figured out, you can scale and you can operationalize. You can get the economies of scale and the operational benefits of scale. Then continue to sort of mature and support and sustain and refresh. That's its own wicked innovation problem. I don't want to downplay how hard it is to experiment. But almost anybody with a checkbook can experiment.

Dave: It takes some real wherewithal to go enterprise and scale and sustain. That really takes some leadership and some thought processes and some cultural change that we haven't entirely figured out. The Valley of Death is one of my favorite subjects if you can't tell.

A COVID19 Crisis Game-Changer and Force Multiplier

Dave: But this 5G thing is going to be really fascinating to follow over the next three to five years. At what point do we sort of say, "Yes, this is a game-changer. It's a force multiplier. Let's get on with it, let's start executing at scale"? I'll tell you, the Chinese are already executing at scale.

Carolyn: Is 5G in place now with you guys, to a certain degree?

Dave: In some small experimental pockets, yes.

Carolyn: That's why you were saying, "We might fall into the Valley of Death?" I'm not familiar with the Valley of Death.

Dave: That's a podcast in itself, the Valley of Death. So much has been written on the Valley of Death, including, what was it, Eric? You probably read it, you're an inquisitive sort of DOD acquisition nerd like I am. The 809 Panel Report from a couple of years ago had a lot to say about the Valley of Death.

Eric: I can tell you I have not read that, I'm not sure I'm going to.

Dave: I'll tip you the link.

Eric: I'm going to write it down.

Dave: I think it's a three or four-part volume set. It's a solid 300, 400 pages of light weekend reading.

Carolyn: Why would you read that?

Dave: It's fascinating stuff.

Eric: I want to go back to a young Dave. Nine months ago, pre-COVID. If you could talk to yourself and say,  "If there's one thing you could do right now, what would you say?" One mistake you've made, one thing reflecting back, it doesn't have to be a mistake. Reflect back over the last nine months or so where we've dealt with the pandemic.

Undertaking User-Centered Design

Eric: What's one thing you would say, "Dave, you're going to hit a point in time and I want you to do this"? It's only been nine months, it shouldn't be that hard.

Dave: One of the teams I've got as part of our overall CIO group at NCTAMS is the IM/KM team, Knowledge Management/Information Management team. You talk about staying humble and staying inquisitive. For years, we talked ourselves into the idea that our IM/KM portfolio, our team, our services on SharePoint. The way we undertook user-centered design and some DevOps type of application development, was pretty world-class.

Dave: We had talked ourselves into thinking, "Man, we're one of the best in the Navy." We had benchmarks from IGs, we had people sort of pointing to our portfolio. They’re saying, "Man, you guys are really doing IM/KM." It reminds you to always be questioning your assumptions about what you, your team, your organization are really doing.

Dave: I'll be frank as someone who's been there a long time. I should have been there long enough to know better. We had talked ourselves into thinking we were so good and so complete in our thinking that we were ready for anything. Our value proposition was understood, and so forth. Truth be told, there's a lot more that should have been done, could have been done.

Dave: We perhaps should have put more pressure on the enterprise to allow us to do things a little more completely. It goes beyond what we've already talked about. The whole team, collaboration, and some commodity services that we're going to grow to take for granted here over time. It gets to tailoring knowledge management and information management solutions to the mission and business logistics in support of your organization.

What We Could Have Done to Prepare the Team From the COVID19 Crisis

Dave: There's a lot more we could have done, a lot more we should have done.

Eric: That would have prepared the team for the pandemic, work-from-home. The distributed workforce, everything.

Dave: This goes back to earlier comments I made to you folks about failure of imagination. If you had told me three years ago that, "Hey, your SharePoint investment." We had spent money to upgrade to SharePoint 2013, we sort of virtualized it to build some continuity of ops, depth into the capability. But never in my wildest imagination would I have thought, "Okay. I need to figure out how to enable this for "bring-your-own-device" or "choose-your-own-device."

Dave: There are certain applications and workflows that are going to be critical. They’re exceedingly difficult in a virtualized teleworked crisis-oriented environment. If we had started to think about those contingencies, we would have designed some different capabilities. We would have configured and governed our knowledge management enterprise differently.

Dave: So, blind spots and failure of imagination, for sure. There's a bunch of things I would have done with our KM/IM and portfolio a year or two, three years ago. If I had had any kind of a crystal ball on this kind of scenario.

Eric: 2020, it's great in hindsight.

Dave: In hindsight, yes. IM/KM, if it's dynamic and robust it's kind of always on. You're always adapting and redesigning workflow, and you're always doing customer outreach.

Dave: You're iterating. One of my favorite development ideas, before DevOps was cool, UCD was cool, user-centered design. The whole workflow modeling sort of ground-up approach to iterative design and delivery of capabilities. Our team is equipped to do those things. This wasn't a lack of capacity; it was a lack of imagination.

The Ride of a Lifetime

Eric: I just read Bob Iger's book, The Ride of a Lifetime, I believe. One of the comments that really stuck with me was, "innovate or die." He talks about his journey at ABC and Disney. From a very junior role right out of college all the way up through CEO, and "innovate or die." It’s a good reminder to always go back and look and say, "Okay, what more should we do? How do we change? And how do we put ourselves out of business? How do we iterate?"

Dave: Right leadership ideas. I've always been a fan of Lencioni. Lencioni did Five Dysfunctions of A Team. Then, more recently, The Ideal Team Player wherein the notion of humble, hungry, and smart as ideal team player characteristics. Humble, hungry, and smart. When I think of those characteristics, they are so foundational to this leadership thinking.

Dave: They’re anticipatory kind of eliminating blind spots, opening one's imagination. Humble is, just always be thoughtful and guarded about what's going to come. Either from the side or from behind and it’s going to surprise you. That's humble. Hungry is intellectually hungry, inquisitive. Be fearless about asking those really difficult questions. Don't fall into a sense of having achieved.

Dave: So, humble and hungry are key. Then watching the guideposts. What are the clues? What's the art of the possible? That's a book I'd recommend to everybody. We actually have incorporated it into our hiring criteria of looking for those attributes of humble, hungry, and smart.

Carolyn: Humble, hungry, and smart. What's the name of the book again?

Dave: The idea is pulled from Lencioni's The Ideal Team Player.

Be Humble, Hungry, and Smart

Carolyn: We're going to have to end there, but what a great place to end. I got a new read. And I'm going to offer to our listeners, be the first one to share this episode. Let me know that you shared it on LinkedIn. I'm going to send them their own copy of humble, hungry, and smart.

Dave: The Ideal Team Player.

Carolyn: The Ideal Team Player. There we go. How to be humble, hungry, and smart. So, thank you.

Dave: Patrick Lencioni, marvelous author. And also, Carolyn, I'm going to send you the link to the 809 Panel Report.

Carolyn: Does it have a wizard in it? Or a Jedi?

Dave: There's a Cliff Notes executive summary in front of each of the volumes

Eric: It's a long, unknown distance marathon. Try to take care of yourself out there also and the team.

Dave: Carolyn, great to see you. Eric, great to see you. I hope you're staying healthy and happy and knowing when to turn the machine off. So, don't fall into the present's prison.

To The Point Cybersecurity was recently named one of the 30 top Federal IT influencers  2019 & 2020  because of fantastic guests. We are always looking for great thought leaders to interview. Please email me with guests you would like to have on the podcast cford@forcepointgov.com

About Our Guest

David McDonald, Navy Telecommunications, Information Technology and Cyber Operations. Navy and Intelligence Community professional with dual career tracks as a DoN civil service leader and manager. A uniformed Navy Reserve senior officer (now on the USNR retired list). I bring 37 years of varied professional experience to the table.

With targeted expertise in strategic planning/execution, program management, project management, organizational design, professional development, mentorship. And aligning business/programmatic solutions with mission operations accomplishment. I'm a cyber professional, in the "lingo" of today, and a trained/certified, warfare qualified. An operationally experienced Naval Cryptologist and Information Warfare Officer at the core.

Career path has been fortunate, sometimes downright lucky. It took me on a path from tactical Cryptologic operations on submarines during the Cold War. Then to major SIGINT field station operations, space systems operations in the National Technical Means (NTM) community. Submarine programs management, military intelligence operations at the Joint Combatant Command level. Ultimately, in telecommunications and IT program management.

I have sub-specialized in Defense acquisition program/project management, architecture planning and systems engineering along the way. I’ve had complementary sub-specialities in Knowledge Management, Contracts Management, Training Program and Systems Development, Systems Architecture Development. And a few other things that I can dust off if the situation warrants.

I'm from the school of Servant Leadership - have read and taught literature and practice. I believe in creating organizations that are organic, defy usual bureaucratic "wire diagram" boundaries. Foster innovation, collaboration, continuous improvement and teamwork. If one has been fortunate enough to be mentored through a long career, one then must mentor, with selflessness and dedication.