Like many other IT professionals, Gunnar Hellekson’s interest in computers was born at an early age, but it was not until college he received formal training in the field. While taking engineering classes, Hellekson put his skills and his entrepreneurial side to use and worked as a systems administrator to make some money. Not long after, he took the step to start up a number of Internet companies, doing business-to-business work and web development, eventually leading to the founding of a consulting company focused on helping small and medium-size arts and nonprofits in New York City. About four or five years ago, he traded the Big Apple for the nation’s capital and ended up working at Red Hat U.S. Public Sector as a chief technology strategist.
ExecutiveBiz: What do your current duties entail?
Gunnar Hellekson: My first duty is helping government executives understand what they can do with open source software. Most people think about free and open source software, and they think that it is free like free beer. But it is really more like freedom of speech, freedom to work with other agencies on complex problems and freedom to bring citizens and frontline government employees to the table and work with them to improve how services are delivered. It is something that still gets me excited. There are so many opportunities in virtualization, multilevel security, and service-oriented architectures. So that is a very satisfying part of my job. The other part of the job is to actually act as a liaison between our government customers and the open source community through the Red Hat engineering group. It is just as important for the agencies to understand what the open source community is doing as it is for open source and Red Hat to understand what the government needs. On the government side, you've got FISMA and EAL and on the open source side you have ‘upstream’ and ‘forks’ and GPL. I sit in-between the two, and get the two sides talking with each other. There's a third part of the job as well — and this is something new, and I think it could only happen at an open source company — that's to find opportunities for agencies and the private sector to collaborate on common problems. Open source makes this much easier. I spend a lot of time convincing government executives that yes, it's perfectly OK to ask for help. It is OK to collaborate with an open source community to get your problems solved. The White House contributed patches to the Drupal content management system a few weeks ago. HHS started an open source project called CONNECT, which is an electronic exchange for healthcare records. I think that is just the tip of the iceberg, and there are so many opportunities for the open source process, not just the software, in government.
ExecutiveBiz: Do you think open source means more openness in the government? Is open source going to always lead to more transparency?
Hellekson: I think it can. I think if you take the three tenets of the open government movement ““ that’s transparency, participation and collaboration. Transparency obviously helps, but I think that is mostly about data. Open source can help with that, but I think open source is best in how it's used in facilitating the collaboration and participation part of it. Macon Phillips, the new media director for the White House, called open source ‘the most concrete form of civic participation.’ I think he is right, because open source development is built around real work. It's a catalyst or focal point to bring a bunch of parties together to work on common problems when they otherwise might not cooperate.
ExecutiveBiz: Do you think open source also means more problems with security?
Hellekson: Security is definitely one of the biggest challenges I have met. I’ll sometimes find someone who is morally opposed to open source, or someone who has ideological objections, and it is a matter of doctrine for them. That is difficult. I think a lot of these convictions are born from misunderstanding the open source process. Once you look at the evidence, and this has been proven many times over, open source can produce better and more secure software. Once people realize that, and understand that we are not a bunch of socialists who want to take all of their software away, or a bunch of kids working in our mom's basement, and they realize we are real developers doing real, important work, they realize that open source is closer to the scientific method than socialism, they tend to be a lot more friendly.
ExecutiveBiz: Can you expand on some of the challenges you have met?
Hellekson: Working at an open source company is unique because you have all of the challenges that you would have working at an enterprise software company, and in addition, you have the baggage of the open source process. As much as you have to convince people that your product or you specific set of services are worth buying, you also have to give them a little bit of education and a little bit of evangelism.
ExecutiveBiz: Going back to security, what are some of the recent threats lately?
Hellekson: The threats that I have seen lately are mostly internal. I don't mean hackers from the inside or hackers on the outside; I mean the greatest threat from the increased focused on cybersecurity is the threat that comes from our reactions to real and perceived threats. I see this growing ‘Fortress America’ movement around computer security and the security of the software-supply chain. When I hear about plans to certify software development, or otherwise close our software development system, I get really nervous. Because I come from an open source background, I am certain that we cannot add more barriers to entry for good ideas into our software-supply chain. That can't be the right approach. We need more information, we need more ideas, and we need more collaboration and more transparency, and not less. I think there is a risk of overreaction to the threat. Another threat that I have seen lately, and it is along the same lines, is less about cybersecurity as it is about the way that software and systems are developed. There is definitely a lack of stewardship of government-funded intellectual property. Good ideas fuel open source, and when I see government pay for good ideas as part of a research and development process and then those ideas become owned by the company conducting the research, it’s frustrating to me as a taxpayer. Obviously, if there is a deliberate choice to do that as part plan to fund a technology transfer, I think that is perfectly fine. But in many cases, we are letting the government’s intellectual property walk out the front door. They have the power to make a lot of the research and a lot of the software behind that research available to the public. If you put in the public domain, people can learn from it and improve it. If we are able to educate the PMOs and say, ‘yes, you can make more of this stuff available,’ it is going to make life easier for everyone.
“We need more information, we need more ideas, and we need more collaboration and more transparency, and not less.” Gunnar Hellekson, Red Hat U.S. Public Sector
ExecutiveBiz: What is your take on the new Cyber Command and Keith Alexander?
Hellekson: I am hopeful about it. You're talking about a lot of smart people and a lot of resources brought to bear on a very important problem, and obviously I wish General Alexander a lot of luck. At the same time, I would hate for computer-network security to be relegated to a single entity. I think it is everyone's responsibility, and it is a much larger problem than any one command can fix. It is good to have coordination through a single entity, but there's also a danger of building another silo inside DoD. If that happens, I think it would be catastrophic. The tenets and the behaviors of cybersecurity can't just be in one organization; it has to flow through the entire DoD or the entire federal government.
ExecutiveBiz: What do you think makes a good cybersecurity professional?
Hellekson: I haven't the slightest idea.
ExecutiveBiz: Well, what makes you a good cybersecurity professional?
Hellekson: I'm not sure that you can distinguish between a good cybersecurity professional and a good software developer. Going back to my original point, if we decide that cyber is something separate and apart from the way we usually do business, then we are putting ourselves at a disadvantage. I think it behooves everyone to take responsibility for what they can in cybersecurity, whether you are an engineer or a systems analyst or a systems architect, security has to be part of your everyday life. While there are cybersecurity professionals who can help you and give you advice and guidance, it is definitely not exclusive to their domain.
ExecutiveBiz: What is one thing most people would be surprised to know about you?
Hellekson: Back in 2004, I helped campaign to reform the safety of New York's electrical system. A young woman, Jodie Lane, was walking her dog and was electrocuted in my neighborhood in New York City. I asked for more transparency from utility, and from the regulatory bodies, and we were able to establish that there was a serious problem with the electrical system in New York and that it wasn't a freak accident. That experience taught me the value of transparency and collaboration and the power of direct participation in the government and how it can be fueled by government data.
ExecutiveBiz: What do you do in your spare time?
Hellekson: I haven’t had any spare time in the last 15 years. My hobby seems to be collecting frequent flyer points. It's all business travel. Hopefully, I won't be arrested for this, but I collect flight-safety cards. Every different model of airplane and airline has a different safety card, and I think I have about 100 different cards at this point.