Leading the Cybersecurity Quality Services Management Office
In April 2020, the Office of Management and Budget (OMB) formally designated the Cybersecurity and Infrastructure Security Agency (CISA) as the Cyber Quality Services Management Office or QSMO. The QSMO is tasked with standardizing and making available best-in-class cybersecurity service offerings and capabilities to federal agencies. Recently, Jim Sheire, Branch Chief of CISA’s Quality Services Management Office joined me on The Business of Government Hour to tell us more about the mission of the office and what it has been doing to provide high-quality cybersecurity solutions for federal government agencies. The following highlights some of the insights shared during our conversation.
On CISA and its Cybersecurity Quality Services Management Office (QSMO). The Cybersecurity and Infrastructure Security Agency (CISA) is housed within the U.S. Department of Homeland Security. It is the nation’s risk advisor. We work with our partners to defend against today’s threats and collaborate to build a more secure and resilient infrastructure for the future. CISA is integral to mobilizing the collective defense to understand and manage serious risk to the U.S. critical infrastructure.
I am the branch chief of CISA’s Cybersecurity QSMO, which is the single shared services office for managing cybersecurity solutions and shared services across the entire U.S. federal civilian government. OMB formally designated CISA as the Cyber QSMO in April 2020, so we are a new office. We seek to centralize, standardize, and provide high-quality cybersecurity services and capabilities to our agency customers while also offer integration and adoption support.
Applying the concept of shared services, our efforts to standardize and automate processes and data collection seek to reduce operations and maintenance costs for agency customers. According to OMB, QSMOs are to standardize processes, reduce the technology footprint, and reduce government-wide operating costs. We are to offer and manage a marketplace of solutions for common technology, services, or fully managed services to respond to agency needs as well as guide and govern the long-term sustainability of the services and solutions.
On Managing the Cybersecurity QSMO. As branch chief, I oversee all aspects of the office, which comprises several key functions. Ultimately, we seek to develop and bring to the marketplace cybersecurity services and solutions needed to address cyber gaps across the U.S federal government.
- Stocking the marketplace: We manage the QSMO marketplace, our on-line storefront of cybersecurity solutions and services covering vulnerability disclosure platform service standardization1, security operation centers standardization2, and DNS resolution services3.
- Collaborating on standards and requirements: We are also collaborating across CISA specifically working with its Standards Area Lead (SAL). We run the marketplace and the acquisition strategies for solutions. The standards area lead work with the cross- agency community to develop that common set of standards and requirements and needs that we can then leverage in going out and partnering with a provider that meets those needs. We work with them to develop our new service offerings.
- Putting agency customers first: We stood up a function that is focused on customer experience. Thinking holistically about how we capture the voice of the customer. Getting the agency feedback on everything we do, taking that back to our service development in all aspects of the QSMO, and importantly, communicating with the agencies on how we took that feedback to improve our services and solutions. We focused on the customer experience because we want a strong feedback loop that brings those valuable insights back to us guiding everything we do through the life cycle not only from what their needs are but through the procurement, execution, and eventually delivery.
On Establishing an Office during a Pandemic. Standing up the QSMO right in the middle of a pandemic presented some unique challenges. How do you manage a totally remote workforce? How do you brief leadership, get buy-in on your vision, and the resources necessary for the PMO when the only engagement is virtual? We worked very closely with OMB and our governance board to make sure we were building out the functions accordingly to what is needed across government. Doing all of this while operating from a remote posture. It was quite challenging, but we managed to pull it off.
On Leading in the Federal Government. What has made the QSMO a great place to work is the real passion that the CISA team has for cybersecurity and our public service mission. The passion centers around all of us coming together to support our customer agencies and serve the American public. Along with having that passion, being an effective leader in the federal government requires one to be an effective coalition builder. It is that ability to bring seemingly disparate missions together to advance a common goal often with varying degrees of formal authority. While building coalitions, you also need to articulate a clear value proposition that emphasizes the value your activity brings to achieving a shared common goal. The success of employing all these qualities rest on having a strong mission focus. In our case, this mission focus goes beyond your own mission and includes the missions of your agency customers as well. At the end of the day, that is why we are in government. Keeping missions front and center underscores our value proposition to our partners and ultimately goes a long way in building effective coalitions that drive success.
On Considering a Career Public Service. You must have a serious appreciation for that public service mission. When you come to work at a government agency every day you recognize you are here to serve the American public. When considering a career, you should ask yourself questions: What is your dedication to an agency’s mission? Does such work bring you reward, inspiration, and satisfaction? If so, then join the federal workforce. Our CISA team helps to secure the nation from the broad array of growing cyber threats. It is a compelling, engaging, and inspiring mission. If that is for you, that desire to be part of a team in the national service, then go do it.