State

The Florida Digital Service wants to win, says state CIO

Florida Chief Information Officer James Grant says there's "no excuse" for his state not leading the nation on cybersecurity.

By Colin Wood

September 14, 2022

James Grant (State of Florida)

Florida has shuttered and relaunched its technology department four times in the past 15 years, but state Chief Information Officer James Grant says that this time, things are going to be different.

Grant, a former state representative, ended his 2020 reelection campaign to lead the latest incarnation of Florida IT: the Florida Digital Service. But the office has been relatively quiet over the past two years. Grant grants few interviews and his strategy for succeeding where others have failed has remained an open question.

After taking a run at coaching college football earlier in his career, Grant retains some of that subculture’s ideas and vernacular. He says Florida IT has championship potential, despite never having won a game. He may be right. After two years of growing the Florida Digital Service, he says it has enough support from Gov. Ron DeSantis not only to shake its underdog label, but to make the state government a leader in areas like cybersecurity.

In an interview with StateScoop, Grant shared what he’s been working on in past months and what he sees ahead for Florida IT.

How are things going with the Florida Digital Service?

I think things are going really, really well. Launching a startup in government is most definitely the hardest thing I’ve ever done. You launch a startup in the private sector and you have no money but you also have no rules. In bureaucracy you have money and lots of rules. In a government startup you have no money and lots of rules.

Before the DeSantis administration, zero state agencies had shared real-time information on cybersecurity. From a collaboration, integration data-sharing perspective, everybody was kind of on their own. We’re now north of 25, which is more than half of state agencies. We got a long way to go, but I think we’re looking at Florida to lead when it comes to state capabilities on cybersecurity.

What is your strategy?

For people who don’t know, Florida’s not exactly been the leader on state technology offices in the past, which is what the Digital Service is charged to do. At creation, the Digital Service had a couple of key focuses. No. 1, develop a data catalog so we know what we have, where we keep it, what it means. No. 2, modernize procurement of technology. And lastly, to look at governance. Things like cybersecurity, the enterprise architecture, cloud policy and the like. To sum up, our digital service is different than what a true digital service is. It’s a little bit of a different take, but I happen to think it’s a take that has a lasting impact if done right.

How is it different?

We have no constituent-facing direct responsibilities. We have no citizen front-door. We consult the agencies and support the agencies as part of our function, but our functions to date are all entirely intra-government, with an expectation that we grow to public-facing at some point.

That’s interesting. Why do it that way?

The legislature would have to give us the authority to go public-facing, so they would effectively be taking something from an agency. We’re definitely taking advantage of it. I’ll give an example: It’s really hard to do real, solid, strong identity and access management when any customer can show up. It’s a lot easier to do it if it’s your own employees. It’s still really hard, but it’s a lot easier if it’s your own employees. If we can get this right from an internal government operations perspective, then we can start scaling that out to the public.

What has been effective so far?

We created a space that the team named the Co-Lab for short. It’s where we do our larger meetings. Our premise was we could bring national and world-class thought leadership to the state worker at no cost to the taxpayer and at no cost to the state worker. We’ve had that Co-Lab open for about four months and we’ve trained north of 500 government employees from I think more than 33 government agencies.

Our new service experience team has done a lot. They’re also launching the Florida Digital Scholar Program, in which we pay students, starting with cybersecurity, to do work for us. We’ll give course and degree credit to actually work with our cybersecurity team, helping secure the state enterprise.

You mentioned leading on cyber — what’s the plan there?

We’re effectively standing up the state’s first-ever enterprise cybersecurity operations center. The governor in his recommended budget picked up by the legislature actually included $30 million to fund local government cybersecurity capability, so we’re in the process of deploying that. Most states don’t have a true cybersecurity operations center or don’t have one to point to to say ‘that’s where we really should be.’ We’re all racing to establish those capabilities. I think one of the advantages we have about the historic challenges and having to build from the ground up is that you don’t have a lot to tear down. You get to start blank canvas.

Do you have any insight into why so many IT shops have failed in Florida?

It’s actually a pretty easy question to answer. I think if you ask any CIO or CTO or CXO, public or private sector, one thing all of us would say is you can only be as good as the executive backing you have. No matter how talented you are, no matter how smart you are, no matter how experienced you are, if you don’t have executive backing, you can’t get out of the gate and you’re just not going to be able to do your job. Number two, you’ve got to have the resources. And then number three, you need an ecosystem that fits your solution.

The governor at all points of conversation of me taking the job was adamant that he expected this to work. At every point where we have the need to have change or backing to make it work, the administration has been there in spades. We have data-sharing agreements between the Digital Service and every single agency that would be sharing data with us on any of our initiatives. You don’t get that far without the governor’s office leaning in.

How are you changing things operationally?

When I got here, 92% of every dollar allocated to the organization was to run a data center. Eight percent was cybersecurity, data catalog, all those things. This fiscal year, 100% is on cybersecurity, project support and workforce development. The legislature made the suggestion to move the data center to the Northwest Regional Data Center, which sits on Florida State University’s org chart. So effective 60 days ago, we went from a service provider to a service consumer. There’s $163 million the legislature funded to do application modernization and cloud migration and so that’s working with us to facilitate agencies’ migration into a cloud-smart approach. We’re out of the data center management business.

What’s wrong with IT procurement in your state?

One of the things I’ve really stressed is do we really need to have a procurement conversation? Does the thing you need already been competitively procured because it’s on a pre-negotiated contract like NASPO Cloud? Sometimes I think it’s just a backwards process where we in the public sector don’t necessarily do a good enough job saying here’s what the requirements are, here’s what I need the solution to do. Understanding who the consumer of the service is, who the provider is, just good design of what the solution needs to be can’t happen without a keen understanding of the problem and who it’s affecting. If we do that and go to the alternate contract source, we can be a lot more effective with smaller, faster purchases. We went with a multi-vendor approach that requires a lot more work from our team. It’s a lot harder, but we think it’s a better product that ultimately eliminates the profits of a lot of middlemen or women in that process.

It would be nice to see Florida IT succeed, so I wish you luck.

I screwed up the track to college coaching as bad as you can screw up a profession so I tend to use a lot of metaphors from that world. But one of the things I relished when I got here is that it’s kind of like a program that should be winning national championships that’s never won a game. There’s no excuse for Florida not leading the nation. You have [Naval Air Station Pensacola] Corry Station with some really unique assets in Pensacola, literally the home of cryptography. You have [United States Central Command] and [United States Special Operations Command] in Tampa and then you have NAP of the Americas [data center] in Miami. So if you go literally corner to corner in the state, you have assets that no other state in America has. There’s no excuse for us not winning games.

Speaking of screwing up, what do you think past Florida CIOs have done wrong?

Safe, bureaucratic, gimme-gimme-gimme, fiefdom — all those playbooks have been run before. And the good news for me is that I don’t know how to run that playbook. The only playbook I know how to run is build a team, empower, define success, delegate and then expect us to go win. I know everybody expects two years, go cash out. I’m here because I really care about the mission. I’ve said that my tenure is going to be long enough — if I have anything to do with it — to be able to hand the keys off to somebody and know that the Digital Service will be just fine without me and I think we’ve come a long way in that regard. We also have a ways to go to build a team that doesn’t have a single point of failure.

This interview was edited and condensed.