As dozens of Federal agencies continue to petition the TMF Board for some of the $1 billion of funding that the Technology Modernization Fund (TMF) received from Congress earlier this year, one of the Federal government’s best-positioned officials to offer advice on the process stopped by MeriTalk’s TMF Forward virtual event on Dec. 16 with a bag of tips on how agencies can hone their proposals and clinch funding deals.
Matt Hartman, Deputy Executive Assistant Director at the Cybersecurity and Infrastructure Security Agency (CISA), is not only the primary contact for Federal agency CIOs at the cybersecurity agency, but is also a long-serving member of the TMF Board and one of a handful of senior officials who are pulling double-duty in evaluating agency funding bids.
Agencies already know the categories of projects that the TMF Board is looking to fund – cybersecurity, high-value systems, citizen service, enterprise approach – but beyond that, the board’s non-public deliberations can become murky to the outside observer.
Along with updates on the board’s recent progress in tackling agency proposals, here is some of Hartman’s best advice on how agencies can make winning bids.
Hartman said the TMF board is “moving quite aggressively” in sifting through proposals submitted by Federal agencies for TMF funding – with some of those getting extra attention based on their focus areas.
“In the last five months, the board has conducted deep dives on, I think, just north of 50 proposals with formal decisions to fund seven of them” in late September, he said. “This represents a fairly significant increase in scale when compared to recent years,” and is firmly tied to the imperative to deploy much of the $1 billion that the fund received earlier this year, he said.
To optimize the process of soliciting and evaluating agency funding bids, “we are continuing to focus on trying to be a bit more prescriptive in trying to provide agencies clear guidance and clear criteria in terms of the types of proposals that we are likely to fund,” Hartman said. “The last thing we want to be doing is wasting agencies’ time in developing proposals that are not ultimately going to be funded.”
The TMF Board and staff, he said, felt some capacity strain early on with the big influx of bids from agencies, but since then has benefited from adding resources to the TMF program management office. “We have committed a number of dedicated resources to work directly with the TMF PMO to help define and refine in scope both existing and future cybersecurity-focused proposals,” he said.
Those extra resources, he indicated, will continue to be needed because agency demand for TMF funding is showing no signs of let-up.
“I do not see demand waning” from agencies, said Hartman, who indicated that the TMF Board has had to be choosey with proposals because its funding capacity is limited. “My sense is the proposals will increase both in volume as well as in terms of quality.”
“Quite frankly, this entire effort, the modernization of Federal IT is going to require a sustained commitment from Congress, whether it’s through TMF funding, through centralized funding, or through decentralized funding,” he said.
“There is no better way to sustain this funding than for all of us” on an interagency basis “to come together, to work together, to have a common set of priorities, and to gain efficiencies and focus on the Federal civilian IT enterprise as an enterprise – at least in the civilian space – rather than having 101 unique agencies all going in similar, but not necessarily cohesive directions,” he said.
When looking at agency bids to improve network security, “we are looking at projects that really move the government toward a consistent baseline of maturity, and this includes addressing some of the core gaps that were uncovered as part of our response to last year’s SolarWinds incident,” Hartman said.
“This includes efforts like modernizing infrastructure to ensure defensibility and to ensure resilience,” he continued. “It includes moving towards zero trust architectures,” evidenced by some of the board’s awards announced in last September, “but we’re also focused on ensuring that agencies are able to maintain the capabilities and performance that they need to deliver modern services and succeed at their missions,” he said.
“Zero trust, while it is one of the primary focuses, is not the only capability or principles that we are looking at in terms of funding cybersecurity proposals,” Hartman emphasized.
He also said the TMF board has also been working with agencies to better clarify what it’s looking for in cybersecurity proposals.
“The cybersecurity umbrella is a fairly big umbrella, and it wasn’t immediately clear to the agencies what types of proposals or capabilities were most likely to be funded,” he said. “That is a correction that we have made in recent months through a number of venues in terms of helping clarify the criteria and the board’s priorities, which is really already started to pay dividends.”
“We are also very interested in continuing to work with agencies to use this opportunity to modernize high-value assets, to modernize systems that contain high-value data that includes citizen data. We’re also focused on using the TMF to jumpstart strategic efforts” aligned to the Biden administration’s Cybersecurity Executive Order issued in May, he said.
Along those lines, he said, “we’re using this as an effort to focus on areas where we think that proposals and resulting efforts can catalyze effort across the community – whether it’s through sharing playbooks or developing shared services – that can be used more broadly than just the one agency who was funded in the first place.”
“We are really focused here on addressing common-to-many or enterprise wide challenges,” Hartman said. “That is really the sweet spot in terms of how we can achieve maximum return on investment to TMF funds.”
And further to the goal of having enterprise-impact, Hartman said the TMF board also takes the view of a “strategic investor” in what will make improvements across the board in government.
“We are deeply invested in the success of the projects, not just at the agency who is implementing the project, but also for the broader enterprise,” he said. “We really see the role of the TMF board and the PMO to capture lessons learned, to capture successes, and to think creatively, to work with the Office of Management and Budget for future budget cycles, and think about how we can scale some of these efforts that we are catalyzing through the PMO or through the TMF more broadly.”
For a Federal agency that has worked up a good proposal, but needs a little more fine-tuning to close the deal, Hartman offered a wealth of practical advice.
“First and foremost, we’d like to see a level of specificity that aligns to something that has been communicated as a gap or an administration priority,” Hartman replied when asked for advice about what can clinch a proposal.
“In terms of a little bit more granular advice after reading through many, many dozens of these over the last several months, I would say the most effective proposals are those that clearly illustrate the impact that the effort will make, with bonus points if an agency is focusing on a citizen-facing or public-facing service,” he said. “That has always been a core principle of the TMF, and it remains one.”
“A second key area for getting the TMF board to buy in early on is that an agency and its CIO shop has gotten buy-in from a business sponsor before submitting a proposal,” he said. “There are times that the CIO has brought the business sponsor to the TMF pitch to help make that formal pitch, and to speak to the business need and express their commitment to the proposal’s success.”
“Finally – and this is fairly basic – but convince the board that you will be successful,” Hartman advised.
“We are not inclined to fund proposals, the success of which remains in doubt” to the person who has made the proposal, he said. “So make it tight, make it concise, show where you are going to be able to make early wins and get some early successes, gain momentum and build on that momentum.”
“There really is a personality piece of this,” Hartman emphasized. “If the folks who come in show that they’re prepared, [and] that they have a plan … they have resilience, and they have done work like this in the past, [they] are more likely to be funded than those who don’t come prepared.”