Brian Neely started his career at American Systems in 1996 for his first post-college position in industry and now holds the dual roles of chief information officer and chief technical officer at the employee-owned government services contractor.
Neely oversees planning and management functions for the company’s technology and information management-related resources and has also supported acquisition initiatives there.
ExecutiveBiz recently caught up with Neely to discuss how he manages both the CIO and CTO hats he wears at American Systems, the company’s current efforts to migrate into a cloud computing environment and his advice for how future information technology leaders should pursue their education ahead of employment.
ExecutiveBiz: How do you divide your time between the CIO and CTO responsibilities?
Brian Neely: I originally started off as the company's CTO over a decade ago and after about a year as the CTO, I took over the CIO's role as well when our then-CIO retired. Although my passion is on the CTO side of the house, I apply the majority of my time to the CIO role, deploying and managing technology instead of helping to create it.
I spent my first ten years as a defense contractor working directly with the Army, Navy and intelligence communities, I really like being “˜hands on' helping to solve problems. Right now it is much more important for the company for me to focus on my CIO role, helping to manage and transform business technology. The emergence of cloud technologies, big data analysis, mobility and cyber threats have certainly helped to challenge and energize my CIO side.
ExecutiveBiz: How do you work with the other company leaders on IT budget decisions?
Brian Neely: We are extremely open and transparent with our activities and objectives. I present quarterly to our board and executive team, providing updates on existing programs and insight into any new initiatives we are undertaking. Every week I also meet with the business office executives and general managers to discuss ongoing operational activities.
Anyone in the company can certainly come to me, at any time, if they need help solving a problem that technology can help out with. Within IT, we have a five-year strategic plan that we keep routinely updated, so everybody can see the direction that we are heading in. It's important for people to see future shifts in technology and strategy, particularly with disruptive concepts like bring your own device and cloud computing.
From a budget perspective, we have a very efficient IT organization that has a track record of making very good technology decisions. We have consistently cut our budget over the years, while simultaneously delivering higher-quality services, expanding user capabilities and enhancing the overall security posture of our people and networks.
Having an IT leadership team that stays current on evolving technologies and trends is key for us to employ innovation, rapidly adapt our skill sets and introduce creative technology solutions. Last year, we came in under our approved annual budget at a substantial figure of nearly 25 percent. This was primarily due to our ability to rapidly adapt to and take advantage of emerging technology concepts like software-defined networking and storage.
ExecutiveBiz: What should CIOs and CTOs focus on when they seek to complement today's corporate agenda?
Brian Neely: Focusing on being efficient and secure are the most important things, especially for somebody working in the defense or federal contracting world. It is just the kind of world we live in today. Right now, my true focus is on our cloud migration strategy and on cybersecurity, which dominate and guide every project we take on.
We are in the process of migrating entirely to the cloud and have collapsed 11 regional data centers down to three and hope to have zero in operation by the end of 2015. Of course, anything requiring sensitive data handling will still be kept on premise and isolated or air-gapped depending on the security requirements. Everything else is going to the cloud.
We have been working on our overall cloud strategy for more than 18 months now, including architecture, vendor selection and migration phasing. Even in the cloud, it's pretty amazing the kind of security and certifications you can achieve, including FISMA and FedRAMP compliance, FIPS 140-2 encryption, International Traffic in Arms Regulations adherence and now even DISA Cloud Security Model levels 1-5 for the handling of sensitive workloads.
We ran the models many times and a “hybrid cloud“ approach doesn't work for us, because we won't see the substantial cost savings we want to achieve. Running a hybrid cloud environment is essentially managing and paying for two entirely different IT environments, which is difficult and costly. So our objective is to move 100 percent into the cloud.
Another key advancement has been the ability to define our datacenter environment simply through the use of software, using abstraction to completely decouple the decision systems from their underlying physical infrastructure. This dynamic approach is fast, scalable, flexible IT automation that can truly turn rigid, complex infrastructure into simple code.
By having infrastructure resources defined in code, we can re-build failed infrastructure in minutes instead of hours, days or even weeks, we can push infrastructure into new data centers with just a few clicks and our infrastructure becomes as verifiable, testable and repeatable as regular application code. Software-defined infrastructure will completely redefine the IT landscape and I am amazed at what my team has been able to do with it.
The other item that sits atop our agenda is cyber. We have applied a lot of resources and effort into the growth and maturity of our cybersecurity capability. We have a fully staffed, fully operational security operations center that monitors our enterprise environment in real-time. They work in tandem with professional commercial security organizations and federal security entities such as DoD and DHS, expanding their assets and reach exponentially.
We also established a dedicated cyber governance team that is entirely focused on evolving security regulations and industry best practices. Federal contractors have to deal not only with emerging threats, but emerging regulations as well. The Defense Federal Acquisition Regulation Supplement Section 252 is having a profound effect on how defense contractors operate and handle sensitive data, which is a good thing.
We are also following President Obama's new cybersecurity framework which was released in February 2014 by the National Institute of Standards and Technology. With the volume of attacks increasing rapidly and the intensity and sophistication that can be applied by highly-resourced state-sponsored threats, having an advanced security strategy that is augmented by the reach of hundreds of peer organizations will be key for a successful defense strategy.
ExecutiveBiz: What education tracks do you recommend for future CIOs and CTOs?
Brian Neely: That’s a tough question, as it depends on the person and their background. You should certainly focus on where you may have a weakness or where you want to get better. Selecting any program with a proven track record is also a good idea. Technology is evolving so rapidly that you should look at innovative and leading-edge schools.
For my graduate program, I selected Carnegie Mellon University, which was the top graduate program for a master's in information technology as well as computer engineering. I've also worked with Carnegie Mellon for a long time in the business world. They have a strong heritage in software lifecycle development and in cybersecurity due to collaborative programs with the federal government. If you’re in IT, you are likely aware of the programs.
Carnegie Mellon also has a very strong cyber program through their CyLab, it is one of the largest university-based cybersecurity research and education centers in the U.S. It is also a National Science Foundation CyberTrust Center and a National Security Agency Center of Academic Excellence in Cyber Operations and in Information Assurance.
People supporting the federal government should also have a good understanding of what CIOs at agencies go through. Getting certified by the Federal CIO council is a great way to do that. When I went through the program, students had to participate in eight different week-long courses. The sessions gave you a very good background and perspective of what federal CIOs have to deal with, particularly in their unique world of acquisition and management.
I have a background in engineering and IT and most people coming from a technical background miss out on the business side of being a CIO and the fact that understanding business challenges and technology alignment are key. GAAP compliance, chargebacks, industry regulations, accrual-based accounting, these weren't areas I had much experience with from my technical background. Business school can help a lot.
There are countless good business programs out there and I chose the Wharton School at the University of Pennsylvania. It gave me an entirely new perspective on how to do my job effectively and properly. A real key to being a successful CIO is having a solid understanding of the business side of the house, the challenges they face, the pain points they have and how you can augment that with technology-based solutions in a fiscally responsible manner.
It also helped that I spent my first 10 years at American Systems on the direct-delivery side of the business, so I already had some deep insight into our business operations.
ExecutiveBiz: What led you to join American Systems?
Brian Neely: This was my first real job out of college and I have been here since. It's hard to believe that was almost 20 years ago. I am glad I stayed because I absolutely love it here. I have an engineering background with ocean and aerospace engineering disciplines and American Systems was a growing company with opportunities that fit my background.
I joined the company as a systems engineer working on several different ship platforms, including a Littoral Combat Ship called LPD-17 and the floating weapons platform called SC-21/Arsenal Ship. I worked on several different Navy and Army programs, eventually ending up supporting the intelligence community. Soon after, I moved over to the corporate office to support several of our strategic acquisitions, eventually taking on the role of corporate CTO.
American Systems has provided me with a depth and breadth of professional experience I wouldn't have found elsewhere and most importantly, the opportunity to grow and share in our success as an employee-owner.