On Point: Q&A with Bob Gourley

March 1, 2021

Bob Gourley, chief technology officer and co-founder of OODA LLC, is a due diligence and cybersecurity consultant who also publishes OODAloop.com and CTOvision.com.

How can Defense Department decision-makers take better advantage of the innovations being produced by U.S. technology firms?

There is a famous William Gibson quote I’m fond of: “The future is already here—it’s just not evenly distributed.” Every day that quote becomes more relevant. Defense Department decision-makers who are seeking combat advantage can tap into the future by understanding that industry innovation is occurring at a rapid pace, and solutions to challenges in the Defense Department may have already been designed and built by industry. This is especially true in information technology. Too frequently, decision-makers in the department mistakenly think their mission would be best served by having their own developers, or the developers of an integrator on contract, write software. That is usually the worst possible approach and should be the last option selected.

What should technology firms do to improve their ability to support national security missions?

I always recommend technology leaders go the extra mile in seeking to understand the mission demands of the enterprises they seek to serve. There are many ways to do that, including listening to what Defense Department leaders say they need, networking with other peers that serve the national security community, and of course, engaging with organizations like AFCEA that help both government and industry better understand each other. Tech firm leaders can also improve their ability to support national security missions by ensuring their solutions leverage best practices in security and identity management. Solutions should also be built to be interoperable, since almost all national security solutions need to import and export data to other systems.

What must be done, especially by technology firms, to reduce the cybersecurity threat?

I’ve studied this question hard for decades, and finally I have a succinct answer to that question. At a high level, technology firms need to have CEOs that truly care about mitigating the cybersecurity threat. If the CEO does not really care, the company might be compliant with security guidance, but the lack of care and attention will translate to serious security gaps that could be the weak link in our national security. If the CEO does care, there will still be hard work ahead, but there is hope for agile, cost-effective cybersecurity that leverages best practices and really helps mitigate the threat. The CEO that cares about cybersecurity will continuously engage with the company’s leadership team, not just the developers in the firm, to discuss cyber risks and potential avenues of attack and mitigation strategies. Having a CEO that really cares is the magic ingredient.

What do you think is the next great information technology trend?

Convergence. In a defense construct, I would call that convergence on mission. But convergence is a broad trend that is going to impact every element of society. Convergence is the synergistic impact of new capabilities feeding off of each other. Think of the mission impact of all these topics converged: cloud computing, artificial intelligence, mobility, big data analytics, robotics, IoT, cybersecurity, quantum computing, virtual reality, augmented reality, additive manufacturing, space sensing, advanced communications (especially 5G, WiFi6). Any one of those trends could dramatically change how the Defense Department executes missions. So, imagine the power of transformation by considering them all at once! My recommendation: study these many trends, but always focus on how they relate to each other and how their convergence will improve national security missions.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Share Your Thoughts:

Bob thanks! Good comments as always.

I very much agree with you that "convergence" is the next important IT trend. As you observe, though in your opening, IT convergence is already underway with the first movers in the private sector; it is just not yet been "distributed" to the national security sector.

I am currently consulting with a Fortune 500 IT company with a pretty good convergence story looking to grow its IC business, but what we are seeing is IC agencies having no "requirement" for IT convergence. IC CIO's have four or five tried and true IT priorities (eg digital transition, executing a mission centric cloud strategy, data discoverability/access, AI/ML adoptionIT security, etc) not seeming to yet realize IT convergence of infrastructure, cloud, applications, security architecture in a DevOps friendly environment is what is needed to meet the IT priorities and resulting requirements IC agencies have established for themselves and presented to their industrial base.

To improve this situation I would recommend two things initially. First, that IT companies develop cogent explanations of convergence and what it can do based on relevant use cases from the "first movers" in the private sector. Skip the hype, the buzzwords, and suggestion that "our" convergence solution will solve all of your agency's IC challenges. Second, that IC leaders actively seek to learn more about convergence from those developing this hybrid capability AND from those on the leading edge of using these IT convergence capabilities.

We have all seen this movie before when the private sector lead the way with Cloud adoption, while the IC's risk adversion based insufficient knowledge about Cloud technologies resulted in the IC being at least five years behind the private sector and in some cases our adversaries in benefiting from this transformational capability.

Share Your Thoughts: