May 4, 2007 by jimstogdill
DISA Conference Notes
I must say that the annual DISA conference this week in Nashville exceeded my expectations. It was a great opportunity to meet people, network, and get a sense for the agency’s pains and initiatives. A good portion of the DISA leadership was making itself available on the floor and in the halls for conversation and discussion, and the relatively compact venue in Nashville worked to enhance the serendipitous pinball collision effect.
The keynote speeches effectlively laid out the challenges faced by the agency – the need for cultural change, the need to unbind themselves from what they think the rules say (instead of what they really say), get “the middle” to evolve through incentives and mindset, and other related themes. The “intransigence of the middle” point was on display throughout the event; hallway conversations after each keynote would be full of overheard snippets like “I’d love to do that but the security/testing/whatever people would never allow it” or “I’d love to do that but the policy/rule/process won’t permit it.” One has to be careful with these kinds of pronouncements though; often once something is named as a problem, the problem itself is somehow reinforced as the now called out “problems” dig in their heels further.
If I had one beef with the keynote speeches it is that I think they tend to be too sugarcoated to create the kind of urgency that is really needed for cultural change. The speeches were all on the “everything is great and moving forward according to plan” variety. The focus is on speed, sharing, and getting out of the box but the culture as it stands is simply too unforgiving of failure and squelches risk taking as a result. Instead of a keynote of “here’s the strategy and here are the successes since last year” I would love to have heard a bit more unvarnished “here’s the strategy, here are the successes, and here is where we are still too slow and too rigid…” The right balance between unvarnished self-assessment and forgiveness for failure. In fairness, maybe public self-flaggelation at an annual conference isn’t the right mechanism.
Maybe what is needed is a DISA version of Bill Gate’s Internet Tidal Wave memo (note to Ray Ozzie: great speech until you got to the open source question / response. Might be time for a Ray Ozzie Open Source Tidal Wave memo). If DISA were a company the urgency necessary to painfully but quickly drive cultural change would come from waning revenues, failing product lines, and loss of confidence on the Street. That mechanism doesn’t work here. So maybe Lt. Gen. Croom can write a memo to the agency, wait, scratch that…. Maybe Lt. Gen. Croom can do a video for the agency in which he describes the impact of the agency’s failure to get important programs like NECC and NCES (for example) done more quickly, in a more agile way, and more cost effectively. How those failures to be fast, if not corrected, will erode the agency’s long term viability and more importantly, are impacting the warfighter’s ability to be effective. Then interview warfighters up and down the chain of command and have them weigh in on what it means to them.
What I did find to be particularly refreshing was the apparent openness among the senior leadership of the organization. Lt. Gen. Croom has obviously built the kind of intellectually open environment among his staff where they feel like they can speak their minds (as evidenced by his CTO advocating loudly for open source during the Q+A after the keynote – calling out his boss directly, if only jokingly). I’m sure this openness will pay tremendous dividends during the ongoing change management process as the tone set at the top will filter through the entire organization’s culture. (By the way, probably 5 of 7 questions after the keynotes were about open source. It was unexpected how frequently it came up).
It was surprising however, in the context of that sense of openness, to have to sign an NDA when I picked up my badge. Who signs an NDA to attend a conference? I recall that it said something about protecting proprietary IP and “sensitive information” but I’m not exactly sure what I promised to do since I wasn’t offered a copy to keep after I signed it. Proprietary is easy, it is usually marked, but I’m less certain how to evalute what would be considered sensitive. Hopefully this isn’t.
You know, it’s kind of strange. The leadership at DISA has sent the message over and over again that they want an organization that will emulate the creativity, innovation and operational excellence of west coast firms like Amazon, Google, and Yahoo. But if you attend a west coast conference like O’Reilly’s Web 2.0 Summit there will be at least 100 people in the front rows real time blogging the event. People with laptops throughout the event will be conversing in chat rooms as the event unfolds to discuss the major themes etc., as the presentations are being given. Many more people will blog more thoughtful posts after the fact to continue the discussions started during the event. And finally, people will participate in sharing information, ideas and contact info before, during, and after the event via a wiki set up for the event. An altogether invigorating and refreshing set of interactions. The DISA conference in contrast asks you to sign an NDA and there is no wireless available anywhere in the building; but it wouldn’t matter because there isn’t a laptop in site. The cultural divide is palpable but hopefully not unbridgable.