Though State of Washington CIO Bill Kehoe doesn’t lament his lack of operational responsibilities in that position, that makes his collaboration strategy all the more impressive.
Kehoe’s CIO background includes almost 23 years of public sector service. He was the first CIO at the Department of Licensing in Washington state. “That was my first foray into a CIO role. And I can tell you that I didn’t even want that role when it was first offered. I said no, a couple times,” he said. His reluctance was due to his love for the software development side of the house; however, he eventually did accept the CIO role in 2002.
“The great thing about each of my CIO roles is that I had leadership, and I had agencies that were very progressive, and they wanted to use technology to move forward into their strategic business, their goals for customer transformation, and otherwise,” Kehoe said.
His Department of Licensing was beginning to put things online for the first-time including driver’s licenses, vehicle tags, vessel tags, and business licensing. “At the time it was pretty cutting edge for government.”
After eight years as CIO in the state licensing operation, Kehoe went to King County, Wash., as CIO. “That experience was much different, obviously, than being just one agency CIO,” he said. “In King County, with 2.5 million people, we had a very progressive technology landscape. We consolidated it, we established governance, we modernized the technology stack – just a lot of things.” In those seven years Kehoe was at King County, he had great success in moving the county’s technology operations forward.
Then Los Angeles County, Calif., reached out in 2017 and inquired about his interest in applying for that CIO position. Kehoe was intrigued and interested given that it’s the largest county in the country with almost 10 million residents – greater than that of 40 individual U.S. states.
Ironically, the other thing about the L.A. CIO position Kehoe found attractive is that it didn’t have any operational responsibility. I always favored that kind of authority in my CIO roles, but Kehoe had a different opinion. “I was able to focus on tech strategy, which was of interest at the time to really hone in on strategy policy.” The county had very robust data analytics and data management programs, plus a security policies strategy, and those were improving its posture around the county.
“We had deputy CIOs that worked with all of the departments in the county consulting with them on budget, strategy, policy, etc.,” he said. “When the CIO job for the state of Washington came up [in 2021], I felt like it was a great opportunity to take all those experiences that I had at the county level and bring them to my home state.”
I inquired more about the situation where Kehoe did not have operational authority in L.A. County as a CIO. “It was different. I felt at times that not having that authority over operations where I had to, it was more of a coordination role.” As to the operational function of the county there were some necessary negotiations and there was collaboration that had to occur. “Which I think is good because that’s how you make things happen,” he said. “You have to develop relationships and you have to collaborate if you want to move a strategy forward.”
From that aspect, Kehoe explained, it was challenging at times to have a strategy and not being able to execute on that strategy. It really depended on all the departments coming together and that’s where governance really came into play. “That governance structure that I had at King County, I transferred that to L.A. County and now it’s also the governance structure we’re using in the state of Washington.”
Kehoe said he felt this emphasizes a community philosophy of coming together around common enterprise solutions, common architectures, and building strategy around policy. “It brings in the business leadership in addition to the technology leadership,” he said. “Good governance is something I learned from my county experience, and it is really important in terms of bringing people together when you have a federated IT environment.”
Kehoe also spent some time over the last year as the interim CISO for Washington state, providing an interesting perspective on being a CIO at the same time as having CISO duties – especially as the CISO’s place in the CIO’s organization has changed in some states.
Kehoe felt that all these experiences have been very valuable for a number of reasons. “We had our CISO leave for the private sector. And I didn’t want to rush into just finding someone and appointing them. I really wanted to find the right person for the role.”
So he decided to step in as interim CISO. He knew he was taking on a lot of responsibility, but he felt that cybersecurity is such an important aspect – and a responsibility for the CIO – that he had to. “It’s not something CIOs can just push off to somebody else,” he said. “I mean, there are so many sophisticated attacks that happened to our agencies on a daily basis, and we just have to lean in, we have to understand what our role is and the services that we can provide to the state and the coordination that has to occur with our military department and our agencies.”
One final point, I asked about the issue of whether the CISO should report into the CIO or not?
“I would say absolutely, yes, on that one,” Kehoe said.
However, the other thing that occurred while serving as Interim CISO, Kehoe experienced a better understanding of the details about the important operational aspects of the state’s cybersecurity service, and he got to know the staff a lot better. “And that’s really helped me be more empathetic to what they go through on a daily basis, the type of work that they do, and to develop those relationships that I have now,” he said. “Wouldn’t want to do it forever, but it was good for the time.”