The nominee for the position of director of the Office of Personnel Management said that his top priority for the agency will be IT modernization.
“I believe my potential greatest challenge also provides an opportunity for great accomplishment, if I am confirmed as director, in the area of IT modernization,” said OPM Director nominee Jeff T.H. Pon, who is chief human resources and strategy officer at the Society for Human Resource Management. “Outside of work, Federal employees are able to access nearly any piece of information they need, from their bank accounts to student loans to car insurance, all on their phone. We need to work toward providing the employees of the Federal government with the same conveniences with regards to their employment within the Federal government, with appropriate attention to information security.”
Pon said that one of his most important IT modernization projects will be creating the National Background Investigative System (NBIS) that will replace OPM’s legacy system, support more efficient operations, and improve system security.
“My role, if confirmed as the director, would be to promote all of these activities and work toward the expeditious completion of the design and implementation of NBIS,” Pon said.
Pon was deputy director of eGovernment at OPM from June 2003 to December 2005.
Pon also described his cybersecuity experience and said that preventing cyberattacks like the 2015 OPM breach would be one of his main goals. While at OPM, Pon was a governmentwide project manager, certified by the CIO of OPM. His team applied Federal Information Security Management Act (FISMA) requirements and related NIST and OMB guidance to their work at the agency. Pon said that as director, he would work with agency CIOs to improve their FISMA scores.
One way to improve FISMA scores is to hire and retain cyber talent in the Federal government, which OPM and other agencies have found difficult.
“If confirmed, I am committed to working with agency hiring managers and human resources staff to help them identify skills gaps and find and recruit the best professionals to fill these positions, consistent with applicable law and merit system principles,” Pon said. “Also, cybersecurity efforts need to continue to evolve from meeting a requirement at a point in time for compliance, to fully achieving real-time dynamic and continuous monitoring with continual, agile innovation in the technology supporting cybersecurity.”
Pon said that updating old systems goes hand in hand with improving OPM’s cybersecurity posture.
“Upgrading OPM’s IT infrastructure is a central component of OPM’s risk mitigation strategy, to mitigate both cybersecurity risks and the operational risk posed by outdated and underperforming equipment,” Pon said.