Danny Harris, CIO at the U.S. Department of Education, has been working to reduce IT security risks within this major federal agency.
With a $100-billion-plus budget, the agency's primary charter involves providing grants and loans to educational institutions around the country, and then tracking the progress of those awards.
The agency recently hired an independent consultant to assess the state of its security, and the prognosis, Harris candidly admits, was that "we're far worse off than I had thought."
"But now I can sleep at night," Harris says, because he knows exactly what he's dealing with. To fix the problems, the department is implementing auto-monitoring tools to watch for breaches across the board.
Harris, 52, has also worked to reduce another type of risk, one he "inherited" when he became CIO about three years ago, says Anthony Miller, deputy secretary at the agency and Harris's boss. One of the department's outsourcing deals simply wasn't working; "we were getting poor service and had uncertain, escalating costs," Miller recalls.
To fix that, Harris instituted a tiger team to examine all the service-level agreements (SLA) involved in the system. Ultimately, the team changed all the SLAs to reflect what is important to the agency.
Because of Harris's leadership, Miller says, the agency has moved forward "substantially" in terms of process discipline, skills development and IT strategy, among other areas. All told, Miller says, Harris is an "excellent executive and first-rate CIO."