Now seven years on, the U.S. Marshals Service is modernizing its legacy systems to a cloud environment. Working with limited funding and a tag-team approach, the agency found a way to satisfy stakeholders and increase data access for mission areas.
Jarrod Bruner joined in 2012 as deputy CIO, and in 2015, the service encountered a problem with its core mission system. They did an analysis and, as Bruner said, the issue was bigger and more complex than anything they could fix at the time. Thus began a process to modernize the service’s mission systems.
Since then, Bruner moved into a program executive role on the operation side where he leads a program management office to modernizing the agency’s mission. That mission is broken into three lines of business: judicial security, prisoner operations, and perhaps the most well known, investigative, or “finding people.”
For the judicial security set, Bruner explained the Marshals are organized into 94 judicial districts with field offices, and judges have different preferences.
“And so one of our big challenges in our agency is how to do things, how to standardize and implement change in a way that has as few sort of deviations as possible, while also allowing our field personnel to be able to support their local judicial customers who often have different, local procedure for how certain things kind of work,” he said during the ACT-IAC Federal Insights Exchange webinar Thursday.
Unlike for a Justice Department agency with more congressional pull than, say the FBI, Bruner said the Marshals did not have the financial resources to modernize all at once. Their mission is funded by five different appropriations, only some of which they directly control, so they built out a financing plan with the pro rata share annually of what the modernization would cost to build, maintain and update.
“Our strategy from the beginning was to never be in the position that we were in with JDIS [the Justice Detainee Information System], where it was so underfunded that the underlying technology could not be modernized or updated, and where we had to get to the point where it was so old and technologically obsolete and vulnerable from a security perspective that it had to be replaced,” he said.
They embarked on a two-pronged approach of building a budget justification with the chief financial officer, knowing it could take years to get the requested appropriations, and in the meantime did an internal national business process analysis.
“We would bring in teams, a diverse set of mission subject matter experts in all of the different core mission areas, and basically we sat down with them and facilitated these working sessions where we’d kind of lay out the current mission processes, flowcharts, and then we get into like, okay, let’s talk about what are all the pain points associated with performing this mission?” he said. “They can be systemized, it could be policy hurdles, resources, etc.”
Then they asked those teams how they would redesign such processes if money or policy were no object. They had “alpha” and “bravo” teams come in to headquarters for weeks at a time, suggest answers, brief the accountable executive and note the different findings of the two teams, “almost like how the House and the Senate sort of reconcile legislation,” he said.
It was the closest way to reach a consensus and shave minutes off tasks that, over time, help employees accomplish more.
It also influenced how the Service recruits and what skill sets they seek. Bruner said it was worth paying for specialists, whom he referred to as “ninjas,” for short-term contracts for needs such as penetration testing, reporting and analytics.
Bruner said the Service’s legacy systems “did a horrible job” of making data discoverable. Staff did not know to ask for better data visualizations or analysis because it was considered unattainable. Disparate and inconsistent data would also require a mechanism to make decisions about standards that could drive agency decisions, but stakeholders rarely agree about what the “right” way looks like, he said.
Right now, the agency is pushing to build out a data lake where teams spin up a lot of data into a safe space, he said.
During their planning in 2015-16, the agency saw the emergence of gov cloud providers, the first FedRAMP certification of a gov cloud offering and an obvious sentiment inside the Justice Department to reduce its data center footprint.
As such, Bruner said they became the first DOJ environment and mission system to get Federal Information Security Management Act-certified and accredited. Although they had to achieve information assurance from career field and cyber employees who inherently do not trust other people’s work. He said it took applying their own testing and authentication to get their certification and accreditation process completed.
Looking back, Bruner said the agency benefited early on from colleagues at FBI, the Bureau of Alcohol, Tobacco and Firearms and Explosives; and the Department of Homeland Security who were going through similar modernizations. That is why he ended his comments with a message for feds, to pick up the phone, send an email and reach out, as most agencies are eager to help.