Tuesday, July 26, 2005

Arlington, Virginia

Mr. Morales: Good morning and welcome to The Business of Government Hour. I'm Albert Morales, managing partner of The IBM Center for The Business of Government. We created The Center in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about The Center by visiting us on the web at www.businessofgovernment.org.

Mr. Garing: Good morning.

Mr. Morales: And joining us in our conversation, also from IBM, is John Thomas. Good morning, John.

Mr. Garing: DISA provides the systems and capabilities that enable the deployment, employment, and sustainable war-fighting force. We do the wide-area network for the Department of Defense. We do the heavy-lift data processing. We are active in the information assurance area supporting both. And we do command and control applications that enable command and control of a joint task force as it deploys.

Mr. Morales: Would you give us some details on the size, budget, and the employee skills of the folks at DISA?

Mr. Garing: DISA today has about 6,600 people, and that's down from around 8,200 we had 4 years ago, largely because of some smart-sizing we've done in our data centers. Our budget is around $6 billion. Of that, three-quarters of it comes from customers, either through the Defense Working Capital Fund or through reimbursable work that we do for them, and 25 percent of it is direct appropriated from the Congress for specific programs and things like civilian pay.

The workforce is highly technical -- computer scientists, engineers. In fact, we just went through a scrub of our workforce about 18 months ago and we added more computer scientists and more engineers and removed some lesser technical skills, like computing operators, which we have largely automated the functions for, so highly technical, highly educated. Like most government agencies, we have a lot of people within a few years of retirement, but we also have a very active intern program bringing in about 120 per a year. And our success rate with those interns is about 70 percent retention. So we have a way of infusing new talent and the right kinds of talent, and the interns are mainly technically trained, educated, from schools throughout the country.

Mr. Thomas: John, as the CIO and director of strategic planning at DISA, what's your role and how do you relate to the other DOD CIOs, and is your role more internally or externally focused?

Mr. Garing: Well, that's a two-part question. As a CIO it's more internally focused, doing the things that CIOs are responsible for, for my agency: Klinger-Cohen, sound investment planning, information assurance for our internal networks. As the director of strategic planning and information I have two major roles there. One is the outward look, outside of DISA, in providing the systems and capabilities and services that enable our customers to do their jobs. Things like Net-Centric Enterprise Services, Global Information Grid band with expansion, global command and control system, the data centers, the Defense Information Systems network, all those things. As a planner, I'm supposed to be looking three to five years or beyond that out. From a programmatic point of view, I am the one that defends our outward-looking budget that will be called upon. And I'm also the one that does the interface with the office of the secretary of defense and the joint staff on many things.

My other hat is in the information world and, you know, our previous director created this organization because he wanted a nexus where the experience, expertise, and day-to-day knowledge of programs and systems and capabilities resided with our both external and internal information organizations. That is to say our public affairs, our internal command information that spreads the word among our employees, and the conference functions that we do, like our annual customer conference. There's a synergy there between the planning function and information that you could not contrive any other way. It's really - it was a brilliant move on his part to do that.

The strategic planning involves a number of things. One is senior engagement with customers. We have our 500-day action plan, the director's 500-day action plan, that we publish about every two years. And that is an attempt to get from our customers what they need from DISA in the next 500 days, as it turns out. We also do strategic planning visits with the combatant commands and the services where a flag officer, general, or an SES or a couple of SESs, plus a team of four will go and engage at the high levels of the service at combatant command, like, for example, I was at Joint Forces Command with their J-7, their J-8 and J-9: the 7 is a training guide, the 8's requirements, and 9 is experimentation. They are customers of ours and they're not the typical communications and information technology people. We went on to Europe, we met with the intelligence people, the operations and the planning people, in addition to the communications and information technology.

So we gather inputs strategically from our customers to try to get in their heads and figure out where they're going and how we can complement them in their programming planning process. We do the same with industry, and that's been a little bit slower in starting up. Senior engagement in companies where our seniors, like our director, vice-director, people like me can get in a relationship, a professional relationship with the leadership of a company so that we can understand where their market and technology are taking them and how we can leverage that, and they can learn from us where we're going. Now we're not the biggest buyer of IT by a long shot in the Department of Defense, but we do exercise I think some technical leadership. And so we have found that the senior leadership in large companies, like IBM, like to listen to what we have to say and we sure learn from them.

The side benefit of that is that we also learn how they run their business, which is helpful to us. And a lot of what we did in our last reorganization 22 months ago was learned from corporations and corporate executives who talked to our previous director and to some of us and gave us ideas and lessons learned.

Mr. Thomas: John, you've worked both in government and in industry. Give us a snapshot of your career and note any significant similarities or differences.

Mr. Garing: I spent 24 years in the Air Force as a communications officer, retired 16 years ago. And I spent the next eight years in businesses, working around the Beltway in professional services companies, most of which have been bought and sold since I was there. And then I came back to government in August of '98, but I came back because I wanted to get a little extra juice in my life. I needed to come to work for a reason.

And what I found is that if you could create an executive in the government, if I could, I would take somebody who has had my career path, learned the skills of what it takes to run a military organization, what the military's needs are, and then learns what makes a business run. You know, I've been at the wrong end of a chief operating officer's power stare more than once and I understand P&O, I understand the bidding process, I understand capture, and I understand how I got taught difficult but good lessons on program management and forecasting and things of that nature. So when I bring, and others like me, bring that back into the government, it gives us great insight and it helps us create better relationships with our senior vendor partners or our vendor partners. And it makes negotiation more easily a win-win because we understand what the guy on the other side of the table or the girl on the other side of the table is going through having done that before, and there are several of us that have done that.

And the gentleman who runs our sustainment organization is a 20-year veteran of IBM as a matter of fact, was a troubleshooter for IBM, a vice president. And he has tremendous insight into what it takes to run a business not just from providing a service, but from a basic fundamental business understanding and business foundation. He and I and a couple of others are really cost-based people because that's one of the lessons I learned from my boss when I was at Cincinnati Bell Information Systems: You have to understand the cost of doing business or you can't do the business.

Mr. Morales: John, you certainly have a wide breadth of experience with your experience in the Air Force, at the White House, in the private sector, and now at DISA. Of all those experiences, what do you draw upon the most in your current role?

Mr. Garing: I think it's the importance of relationships. I think this -- what we do for a living, you and I -- is all about relationships. And you have to establish, as a provider, a service provider, we have to establish relationships with our customers or, you know, you go and look the guy in the eye or the woman in the eye and you say, "How are we doing?" And you'd be surprised what they'll tell you. They'll tell you the truth.

Similarly, we have to be able to talk to our suppliers in the same fashion. And one of our jobs in this organization we call strategic planning and information is to create the relationships in OSD and the Joint Staff, with our customers, the services and the defense agencies and the combatant commands, and with the business world. That is probably the one I would put number one.

Number two is what I mentioned a few minutes ago, and that is you've got to understand the cost of doing business. In the government we don't always do that. We work to a budget. You know, in the private sector returning money to the company's a good thing. And in the public sector, if you're returning money oftentimes you're punished because you don't get that money next year; you don't need it as much and you end up missing opportunities to spend it. But underneath all that is the absolute that you have to know the cost to deliver a product or a service before you can price it. And, three-quarters of what we do comes from our customers, so we're in a buyer-seller relationship all the time, and knowing what cost is, is an important piece of that.

Mr. Morales: That's a very critical point, thank you. What are the top goals and objectives of DISA? We will ask DISA CIO John Garing to explain this to us when the conversation about management continues on The Business of Government Hour.

Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with John Garing, chief information officer of the Defense Information Systems Agency. Also joining us in our conversation is John Thomas.

Mr. Garing: Well, transform is a big word and we use it a lot. I've been in DISA for just at eight years, eight years next month. In the five years of our previous director we reorganized three times. And some people cringe and even mock that, but I found that the Fortune 500 reorganizes at least part of their companies every 11 months to maintain relevance in the marketplace.

And DISA, I think, is to be given credit for having the guts, the courage to undertake reorganization. So we went through a major one 22 months ago when, in fact, my office was created. And the theme we followed was one of, if I get them all right, six mandates. The first was becoming an acquisition organization that can, in fact, lead major acquisitions, like the Global Information Grid band with expansion and Net-Centric Enterprise Services. Now we have a component acquisition executive who has the same authorities virtually as the service acquisition executives. So that was one element.

The second was concentrating our engineering in one main body, using home-teaming, so that the engineers have a career monitor/manager that's in the engineering organization while they may work someplace else. But we've put the muscle in under one leader for engineering.

The third was to create an organization that would help us do what we call net ops. Net ops is not an abbreviation. Some call it network operations, but it's more than that. It's the operation and the defense of the Defense Department's network -- "network" here meaning data, voice, video, transport layer, the whole, the broadest definition you can think of with network. And we wanted to make sure we had an operations organization that could in fact support what is now called the Joint Task Force-Global Network Operations, who is JTF-GNO, who is charged with operating and defending the network.

And the fourth was sustainment. We acquire, engineer, and operate, and in the middle is the guy that does the maintenance, the guy that provides the network day-to-day, makes sure it's tuned and operating, provides the data center, and hosts the applications that we're responsible for.

The fifth is financial transparency. Our goal is to get a clean audit opinion by 2007. And we have reorganized a bit and retooled to make sure that we had the right people and the right processes in place to lead us to that clean audit opinion, including getting some new people.

And the sixth and final is governance to make sure that we are able to provide the oversight needed to become a cost-based organization, to understand what our customers were expecting of us, and to be able to deliver that. And that's partly why my organization, Strategic Planning and Information, was formed as to be part of that governance process -- not all of it, but part.

Mr. Morales: That's a very impressive list of objectives. How do you see your specific role in achieving those priorities?

Mr. Garing: I smile because sometimes I feel like a confessor. My people are the heart of most of what goes on in DISA. Either something touches a policy aspect or touches a programmatic funding aspect or it touches something to do with the CIO itself, that organization itself, or touches information, so we get involved in almost everything that goes on. And the director and the vice-director turned to my organization for a lot of advice, a lot of counsel, sensing what a customer may really want or not want, sensing what the mood is in OSD on a particular subject, paving the way for something that's controversial and laying the groundwork and doing the requisite, I'll call it schmoozing, that needs to be done.

So we're pretty much at the center of this. And I'm not saying it to brag; it's just the way he created the organization. And it takes people like I have working with me to do that -- good, strong, smart, savvy, street-smart people. So we're pretty much at the center of a lot of what goes on. And it's a role that's hard, but it's a role that's also a lot of fun.

Mr. Thomas: John, you've mentioned the director's role as the Joint Task Force for Global Network Operations. You've been quoted as saying that DOD needs more coordination in the procurement of network systems and the management of the network. Could you elaborate on that?

Mr. Garing: There are two parts to that question: One is on acquisition and one is on the management. Eventually, we're going to have to come to the realization that there is one enterprise at the Department of Defense, not several, not one for each service and one for each agency and one for each combatant commander. There's one enterprise, it's a single network, many components. And how you define single -- is it all managed by an organization or is it a combination of networks that are singly overseen and commanded, if you will, allowing individuality among the services, but with common standards?

We have to come to the realization that the data that the Department of Defense has is not anybody's data; it's the secretary of defense's data. He owns it. And to me truly net-centric, that means that we have to have data on the network that's discoverable, authentic, trusted, timely. And to do that there have to be rules about what is put on the network, what's allowed on the network, how it's managed and controlled. And from my point of view, you cannot do that with, you know, seven or eight master chefs in the kitchen. You need a master chef and a lot of chefs to help him or her out. So from an operations point of view of the network, you're going to need a master chef.

And that doesn't mean -- it's like a heart surgeon. The heart surgeon doesn't do all the cutting and sewing, but he's there overseeing what's going on. Everybody has their own specialties. So you need an orchestrator, and the JTF-GNO is the beginning of that. That's going to take, I think, a number of years to mature fully.

On the acquisition piece, I listened to Gen. John Jumper, who is the chief of staff for the Air Force, talk about, we're all about programs, we're all about platforms, and we're not about an enterprise. And the way that we, the department, acquires systems now is on a program-by-program basis. And the programs produce hardware capabilities over time based on their individual program charters, and that has led to some gaps in capabilities.

For example, if you look at the transport, the GIG band with expansion is going to be finished this fall. The Joint Tactical Radio System, which is the tactical end for band, with improved bandwidth is five or six years away I guess from full maturity. And the transformational satellite architecture is another seven or eight years from now or maybe longer that that. So we have the GIG-BE in place with a lot of bandwidth and then we have gaps. We have the legacy, the satellite and whatever else that's there, not the high bandwidth we need to go into denied areas like Afghanistan.

And then we produce things like high-power applications and the capability that Net-Centric Enterprise Services will start producing in 2007. And some liken that to driving a high-powered Maserati on a dirt road: You got all that power and you can't go over 30 miles an hour. So there needs to be synchronization of capabilities.

And I think what you're also seeing now is inquiring minds asking, okay, what is the return on investment for all these bucks we're putting into these programs? What capabilities are we producing and when? So we're starting a poor man's version of what we call a net-centric roadmap, and it's looking at the applications, the systems, the capabilities that DISA is responsible for producing. And seeing, if they were left unattended, what would they deliver when and seeing how much overlap is being produced, where the gaps are, and what technology is going to allow. And we've chosen three years, arbitrarily. They go along with our budgeting process, but 2008, '12, and '16, and we're going to draw kind of marks in the sand, lines in the sand to look at what those programs we have are delivering, when, what the technology's going to allow us in 2008 and 2012, what we think it'll allow us, and then maybe adjust our planning and our resourcing to cover the gaps and eliminate duplication.

Let me give you an example, the term "collaboration." There are some 30 or 35 programs that either are collaboration in nature or rely on collaboration. As long as collaboration is a web service that is an icon on a piece of glass that you can click on, nobody should care where it comes from. We get into religious wars, though, about is it this program or is it that program or whatever. There are a number of video collaboration services being produced. We probably ought to have one or two and not seven or eight, and take the money that was going to be spent on those other extras and put it someplace else, into a gap that we might have found.

So the idea behind a net-centric roadmap is to find what we're doing. And that may sound silly, but we're about projects, we're about programs, we're about platforms, we're not about capabilities necessarily. Find out what our programs are producing, look at the capabilities that we need, look where the gaps are and duplication, adjust the planning and resourcing, and try to get some capabilities-based planning done instead of program-specific planning done. If we're successful with this, we will team with Joint Forces Command and others, Strategic Command, to broaden and export this to the rest of the department if we can.

Mr. Thomas: John, it sounds like DISA's right in the center of jointness. How is DISA approaching this from the coalition perspective?

Mr. Garing: Well, that's the $64 question, I think. In our strategic planning visits and in our inquiries we made to the combatant commands about our 500-day plan that is the single biggest, most asked about capability is coalition information sharing. And we haven't got a good answer for that right now. There are a number of systems that allow us to share, on an ad hoc basis in some cases, in some cases on a predictable basis, with our allies, our coalition partners.

But if you look at the tsunami relief at the end of December, there was a come-as-you-are coalition built with partners who we probably hadn't thought of using, not just other countries, but also nongovernmental organizations as well. And we have to be able to talk among themselves. First responders, strategic partners, guys who fly in fighter planes next to our people, people who understand, like in the tsunami relief, the culture of the country and how the place is laid out and what the road infrastructure's like, and be able to share that in a network, some of it classified, some not, is difficult. So there's a lot of pressure being put on all of us in this business to find an answer -- and it's not going to be a silver bullet -- find an answer to the information sharing. And it's probably going to be in the information sharing's architecture, which is a different way of approaching this. It's more identity-based.

There's another thing, if I can do one little opinion here. All of us were brought up in a culture where the information is owned by the producer of the information, who controls the need to know, and especially in the classified arena. Net-centric turns the apple and now it's really consumer-based and we have to assume that the consumer needs the information to do his or her job and making sure that he or she has their permissions to get it is a more positive way of looking at it than saying, yes, proves the right or the need to know.

And that's getting at the heart of the coalition problem as well. This is a hard, hard problem that everybody in OSD and DISA and the services and combatant commands are talking about.

Mr. Morales: John, is the issue any easier or just as difficult closer to home with respect to the emphasis on homeland security with increased communications between federal, state, local, and travel government entities?

Mr. Garing: In some regards I think it's easier and in some regards I think it's harder, and part of that has to do with the funding. DHS has its source of funding. OSD has its source of funding, the Department of Defense. And we've got to make sure that we give to Caesar what is Caesar's here and not cross-pollinate.

But having said that, U.S. Northern Command's job is to, if I can use the word, broker the relationship with homeland security and homeland defense and how OSD -- how the Department of Defense helps. And under their leadership we're beginning to take these pieces on one at a time, but it's going to be long time before we have ubiquitous information sharing where, you know, a fighter pilot can talk to a fireman. It's going to take a while to do that.

Mr. Morales: Well, that certainly is going to keep us busy for a while. What are some of the challenges associated with meeting the evolving customer mission changes? We will ask DISA CIO John Garing to explain this to us when the conversation about management continues on The Business of Government Hour.

Mr. Morales: Welcome back to The Business of Government Hour. I'm your host Albert Morales, and this morning's conversation is with John Garing, chief information officer of the Defense Information Systems Agency. Also joining us in our conversation is John Thomas.

Mr. Garing: Well, my office is the secretariat for the board. Our corporate board is the 20 senior people in DISA by position, the strategic business units. By the way, we believe and embrace a balanced scorecard concept that comes out of the Kaplan/Norton book, Strategy-Focused Organization. Our strategic business units and our shared service units and our special staff are on the corporate board. And it meets twice a week regularly: once on Monday morning for a operations review of the past 168 hours and then with a small staff meeting to follow, then on Wednesday mornings we meet and we call them senior strategy sessions, and they're focused strictly on strategy. We don't do informational briefings. We don't do operational reviews. We do tough, strategic questions that we need to have the seniors and the senior leadership contribution on, opinions on.

And in those sessions we at times get emotional, but the directors, director and vice director, have created a senior staff and a mood -- atmosphere -- that allows us to get emotional in those meetings and then leave as friends. We have been tackling programs or problems one at a time or two at time for the last -- well, I was going to say 18 months, it was probably less that that. We really got into gear on this probably around the first of this year and we've begun to be able to take problems, solve them and put them behind us, and move on to the next one rather than have them linger.

And sometimes you got to have people with biases say what their biases are in public and argue about them, and then we leave there as a team and we're moving on. Our vice director, Maj. Gen. Marilyn Quagliotti, has led most of these and she is decisive at the end and, okay, everybody has their say, this is what we're going to do, and we go on from there. So it's a good exchange. It's a good way of solving problems, good way of planning where we're going, particularly planning where we're going, and you end getting to know each other better, too.

Mr. Thomas: What are some of the challenges associated with meeting the evolving customer mission changes and do you ever invite your customers to attend some of these strategy planning sessions?

Mr. Garing: We don't invite them into our own corporate board sessions, but we have sessions with our key customers, some routinely. For example, what we call a board of directors meeting with the Missile Defense Agency, that's a quarterly affair. We have DISA-Defense Logistics Agency Day where Admiral Lippert brings his staff to our place this year and the two senior staffs sit there for a half a day, five hours, and go through mutual issues and concerns, and some back-patting as well. And in the off-year, we'll go down to Ft. Belvoir and meet with Admiral Lippert down there.

We've done it with the services, too, mainly on Net-Centric Enterprise Services and what Net-Centric is. The movement to Net-Centric has affected everybody, not just us. And the way we fight today, which we have proven again in Afghanistan and Iraq, is indeed joint. And it is almost to the point now that if you cannot fight joint, for whatever reason, you're not relevant. And it'll get to the point that if you cannot post your data on a network, you won't be relevant because you're going to have to have sourcing data targeting ISR or whatever, all available sources. It's a shame to think we have young soldiers in harm's way and we have information that may be available to some other stovepiped source, that had those soldiers had that, they would have avoided a firefight or would have had the upper hand in a firefight. So the movement in Net-Centric has caused us a lot of change: the way we organize, the way the Army's organizing today, the way the Air Force is organizing, those expeditionary forces. And that has caused differences in the way we deal with what they want.

Distributed networks, distributed data, both pose security issues, John remembers from his Marine Corps days, that we need to deal with in a different way. Putting data on a network, as I mentioned earlier, how you accredit that, how you make sure that it's timely, how you make sure that the predator feed that somebody's drawing down in Afghanistan is the most recent and is it, in fact, live, or is it archived? How do you tag that and make sure that you've got the most relevant current data for that person? That's all difficult.

And on top of that the world is changing. We're rebasing in the Pacific, we're rebasing in Europe. That has a large implication for us because we have to provide the infrastructure in those places and that's a resource issue. And we have to make sure that we are locked at the hip with European Command and Pacific Command in these cases so we can do the planning that will enable them to do what they have to do and it won't be an out-of-cycle bill to pay for somebody because we didn't do our planning properly.

So as they change, we change. In some cases, our changes, like the GIG band expansion, putting those large fiber pipes into 80-some locations, is going to change the way we do business as well in the department. It's going make putting data on the network much easier and much cheaper, and that should change behavior. So it's a constant evolving. They change, we change, we both change, and we feed on each other.

Mr. Thomas: John, you mentioned the balanced scorecard. Are there other performance metrics that you use to determine if you're on target and how do you involve your customers in this process?

Mr. Garing: Well, we have lots of metrics: metrics for the network, metrics for the data center that are used principally by the people that run those. Corporately we look at the metrics every week, every Monday morning, the operational impact.

We involve our customers through the 500-day plan principally to get what it is that they need from us or what we're not doing. And we have customer forums, like the conference, that we get feedback on. But we try now to move most of our metrics into the balanced scorecard. We believe in it. And every quarter I stand before my peers and defend my corporate strategies that I'm responsible for and my internal strategies and their measures and the initiatives. And if the balanced scorecard does not reflect what our customers want, either one of two things is wrong: the balanced scorecards are wrong or our customers are wrong, and it's not them. If the balanced scorecard does not reflect our resourcing, our palm, and our budget, then one of two things is wrong, and we have to make those things work together.

This is not just a reporting or a metrics technique. It's a real way of organizing and running a business that we think has got a lot of merit to it. So we are actually looking at statistics. Every month, one-third of the organization briefs. So we have a five-hour session on a Thursday afternoon. Every month we go through the metrics. And if anybody from DISA's listening to me, they all enjoy this as much as I do. It's a very painful process, but it's a necessary thing. So it's peer review, you can't use smoke and mirrors, and it's good for us.

Mr. Thomas: John, what is your biggest challenge to meeting or exceeding the tenets of the Klinger-Cohen Act and how are you making progress?

Mr. Garing: Well, I think that we do okay within DISA. And as a CIO, my organization signs off on virtually everything we do. The larger issue here is, I think, the programs that we are doing for the Department of Defense that are not internal at DISA. We are heavily involved in the analysis of alternatives and in the certification of things that go on the network. Getting an understanding of, no kidding, what is a good solid analysis of alternatives is not as easy as one might think. It's got to have some rigor to it that'll look really at are the alternatives real, first; second, have you done an honest assessment of what their strengths and weaknesses are; and third, in the end, when you've done the analysis does that lead you to the right conclusion? Not the acceptable conclusion, but the right conclusion. And it's not always easy to do that. And AOAs, as we call them, are tough to crack. And I know that Dr. Wells views it the same way that he relies a good deal on the analysts to do rigorous analyses to make sure that we get the decision that's right, not just acceptable.

Mr. Thomas: John, earlier you talked about information sharing. What processes do you have to reduce or eliminate silos of information that may exist within the agency?

Mr. Garing: Well, just this week, our vice director appointed a colonel, Yolanda Cruz, who is going to be the agent of change to make us really net-centric. We have silos, like everybody does and we have been going after them a bit at a time, but not at a pace that is fast enough to do something meaningful. So the parts of my CIO organization that do portal and are some of the internal applications in the network are going to support her in an effort to bring all applications we have into some net-centric view of the world so that we can share data better, and data ownership will be the directors, not individual organizations in DISA.

It's easy to preach from a stage about what being net-centric is. It's awful hard to do it because, you know, we have box huggers like everybody, and that's my server, you know, I need to see it right there, it cannot be someplace else. And that's my information -- because information is power. So getting people to share data is difficult, but we'll do this. We will do this or we're all going to die trying -- I'm telling you right now.

Mr. Morales: That's very interesting, John. What does the future hold for DISA? We will ask DISA CIO John Garing to explain this to us when the conversation about management continues on The Business of Government Hour.

Mr. Morales: Welcome back to The Business of Government Hour. I'm your host Albert Morales, and this morning's conversation is with John Garing, chief information officer of the Defense Information Systems Agency. Also joining us in our conversation is John Thomas.

Mr. Garing: Well, the movement to net-centric has changed things. We find ourselves moving away from building things, first of all. We have pretty much the philosophy that we're going to buy before we build. Second, rather than acquiring capital assets, we'd rather acquire a service that may be based on a capital asset, and I'll explain that in a second. And third, the need for large-scale integration is not like it was, say, a few years ago. So that kind of puts into perspective what it is that we want from our vendor partners and what we think we need from vendor partners.

If I were king for a day I don't think we'd develop any software. We would acquire off-the-shelf capabilities as we could. And I'm not a big student of this, but when you look at enterprise resource planning tools, ERPs, one of the things that has made them difficult is that the customer tends to want to customize them, which makes them every one of them a one-off and becomes more expensive rather than adapting to the processes, the business processes that are resident in the ERP and then try to change them to reflect the agency or the organization that's using it. So we believe pretty much in buy before you build.

Secondly, in our computing business we have done some things that are probably pushing the envelope a bit. And we've gone to a concept, a lot of people use the term "managed services," but managed services, capacity on demand, utility, pricing. And we have a number of contracts in place now with key providers that are based on those concepts. And the easiest one to talk about is processing power on the floor of the data center and in mainframes. And probably we still have some 50 of those.

We have a need to run -- pick a number -- 60 applications or 70 applications on mainframes that either are based on the IBM zOS or on the Unisys proprietary system. And what we have done in the past typically is when we have to increase capacity or change technology we have written a specification, put it in the Request for Proposal, and sent it out even though it may a sole-source. Sent it out, got the proposal back, had to check the I's and T's and make sure that we're all dotting and crossing those the way we should, and then look at does it meet the spec, does it meet the statement of work, is it priced reasonably, and then award the contract. And then you live with what you got.

What we've done now is taken a lesson from United Kingdom and some others and gone to a different way of looking at things, and that is using statement of objectives, three or four pages long, that describes the problem that we want to solve, and then asks the vendor community that's going to bid on this, tell us how you would do that, with no specification or very little in specification. Here's the analogy. If you've got two tons of trash to pick up every day, you ask trash contractors to pick up the trash, you don't tell them to use a broom or a vacuum or people or a plow, you just tell them to remove the trash. And then you evaluate them and how responsive they're going to be and how much it's going to cost you.

We did data replication for -- this may be a sore subject for a couple of you here in the room -- but data replication for IBM mainframes. We went to a number of vendors and we said this is what we want to do. After trying for 19 months to do it ourselves, this is what we want to do. And we don't care what technology you use, we don't care how it's done, but this is what we want to do and this is the kind of service level agreement we're going to ask you to sign to guarantee that you'll do what you do. And then we evaluated -- we got it turns out three different approaches -- all three different -- and we made the award based on best value. So the idea is to share the problem with the people that know how to do it rather than telling them what we want done exactly.

And we do this then in the case of processing power where the vendor retains the ownership of the capital assets. We have to put it on our floor, under our security and operations for security purposes, but let the vendor manage the capacity on the machines. In one case we went from 24 large boxes to 4, and we didn't notice a difference. In that case, that vendor realized some economies and we asked to share in those, so our bill went down as well.

Managed services, acquiring a service, paying for capacity on demand, only what we use is where we're going. We've done some of that. We deal with about five classes of vendors: The large-scale integrators, the lead systems integrators, the LSIs, the big companies that we all know; the companies that are of a similar size, but also have technology and R&D; and then -- the third category -- there are those that provide mainly just labor, services, professional services; the fourth are the hardware and software providers, the technology providers by themselves; and the fifth is the smaller companies, niche market companies, like in the Silicon Valley that are developing unique technology for a given market that gets venture capital funding. And the people behind the idea of the technology have never associated that with a military requirement and we may very well have R&D programs going on to solve a problem that has already been solved, but we haven't been able to connect the dots.

So as we move into this net-centric and buy before you build and do small spiral development where we build a little, pilot it, learn, invest what we learned into the pilot and build some more, it changes how and when we buy things. And we want to make sure that our vendor partners are attuned to us and that they can influence what we do and that we can influence what they do. And when they come to see us, come to see our director, that's always one of the conversations that we have is how is it we're going to work together better, continue our relationship into the future because things have changed. And, you know, the likelihood of seeing out of DISA a large systems integration effort for any specific program is probably not high.

Mr. Thomas: John, speaking of the future, DISA has been very active in support of the war-fighter as well as national and international disaster relief. Do you see much change in your mission or the environment in the future?

Mr. Garing: No. In fact, the global war on terror coupled with things like the tsunami relief require you to be -- or us to be -- resilient and agile and flexible. What allowed us to do well in a lot of cases is the senior leadership that has, and I'll call it instinct or intuition. Our former director, Gen. Harry Raduege, and our current director, Charlie Croom, and the senior civilians and our vice director, Gen. Quagliotti, have been doing what they've been doing for a long time and they have instincts. And after 9-11, Gen. Raduege, on instinct, committed to the lease with the proper authorities now at risk of some commercial satellite band with some transponders because he knew that within a month or two we were going to have to be doing something in Southwest Asia. In the Gulf War 12 years ago, 12 or 13 years ago, a lot of that was gobbled up by commercial concerns before we had a chance to get at it.

So we have instinct and intuition based on the experience level of our people who have been doing this for a long time. We get the agility from beginning in the interns and the new people that are bright. You know, it's the young captains, and John knows this, and lieutenants who make us older folks look sometimes backwards. My wife says to me when I'm trying to do something with the VCR that what we need in this house is somebody under the age of 35. And the same thing happens in war. And getting the right kind of mix is what we are trying to do to make us continue to be a little bit able to see around corners with instinct and intuition and a lot having the infusion of bright, young talent that we need to make sure that we keep pace with the world around us.

Mr. Morales: Talking about the mix, what advice do you have for the young people who are interested in a career with public service, especially those interested in information technology?

Mr. Garing: You couldn't want a more challenging, intriguing job than lies before you in the IT profession in the Department of Defense and, in fact, in federal government. If you like excitement, if you like challenge, if you like to do the impossible, there's no place better to work. This is a fun thing to do. Now you may not get as rich as you would in the private sector, but myself, I came back after eight years in the private sector because I wanted to know I was contributing. And, you know, I can say honestly that in seven of the last eight years -- the first year was a little bit slow for me -- but I have enjoyed coming to work every morning, and it's because you can contribute. And it just makes a difference.

And in the federal government, in the Department of Defense you can make a difference every single day. That was one of our slogans: Our people make a difference every day. And I believe in that passionately.

Mr. Morales: Well, John, that'll have to be our last question. John Thomas and I want to thank you for fitting us in your busy schedule and joining us this morning. We also want to especially thank you for your service to our country, both as an officer in the U.S. Air Force and now as CIO for the Defense Information Systems Agency.