In celebration of Black History Month – we are pleased to present the first of a 3-part Indiana Cyber Blog series highlighting the achievements of African Americans in cybersecurity and information technology.

Tracy Barnes, Chief Information Officer for the State of Indiana, recently spoke with Linda Cureton, who's distinguished, 34-year career in civil service includes the distinction of serving as the first African American to serve as the Chief Information Officer at NASA.

Tracy Barnes: It’s interesting to see not only the impact of what you were able to accomplish as a CIO in leading an organization, I found it remarkable the fact that you were able to apply your experience, skills, and knowledge across such a broad range of agencies -- everything from the Department of Justice and Energy to the Bureau of Alcohol, Tobacco and Firearms to Space Exploration.

What do you attribute your ability to lead these agencies at such a high level, given the fact each of which operated within different cultures and disciplines and likely relied on different processes and applications?  

Linda Cureton: The organizations are quite unique. One saying that I have, is that the one thing unique organizations have in common is their uniqueness. In other words, a CIO will have to consider people, process, and technology at each organization she serves – that’s the commonality. However, each consideration of people, process, and technology will vary. For example, processes at the Department of Energy were born out of the healthy, but non-collaborative competition of the Manhattan Project; processes at the ATF (Bureau of Alcohol, Tobacco Firearms and Explosives) were born out of the necessity of facing life threatening situations – fire, ready, aim; and processes at NASA were based on science and scholarly argumentation. Thus, the technology and people aspects were similarly formed to conform to these cultural features. My ability to lead these agencies successfully resulted from my ability to clearly see these attributes.

Tracy Barnes: In reading an article highlighting some the work (at the time) you were involved with at NASA, you described the task of transitioning to a new desktop service provider and the necessity of downshifting from 10 contracts down to one, saying that’s “always a dicey situation for a CIO”.

In terms of advancing technology and, perhaps, changing the culture of NASA, what lessons did it provide for you? And, to what extent did handling those “dicey situations” help you as a CIO? What impact do you believe it had in helping to improve NASA?

Linda Cureton:What helped me in the transition at NASA was understanding that the sum of the 10 “parts” was greater than the whole. In other words, if one obtains 10 requirements and puts them on one enterprise contract, you will miss the requirement.  There’s a wholistic aspect of “the enterprise” that is missing. For NASA, there were essentially three different security and networking requirements, not 10. The human space flight community needed highly secure, fast, low bandwidth requirements supporting astronauts, spacecraft, and satellites. The scientists needed low security and high bandwidth supporting exploration, experimentation, and information sharing. The administrative community was more security compliance oriented with moderate bandwidth requirements. Aggregating these requirements would have been expensive and pleased few customers. The “dicey” situation for the CIO requires looking beyond the aggregation and developing enterprise solutions which meet mission and business needs.

Tracy Barnes: One of the foundations of Black History Month is celebrating the achievements of African Americans. Speaking as a CIO, who is African American, there is a recognition for the responsibilities I possess and the path I’ve followed to make the decisions that best serve our employees, as well as serves the interests of all Hoosiers.

As the first African American to serve as a CIO – first at the Goddard Space Center and, soon after that, NASA as an entire agency, how would you describe the challenges you dealt with along the way, and how would you say it’s influenced your work? Your career?

Linda Cureton: The biggest challenge I faced was dealing with the notion that I was selected not because of my ability, but because of some need to address diversity and inclusion issues. In other words, I was selected to help with organizational diversity statistics and not with technology challenges. The situation did not improve as I was promoted to be the CIO of the entire agency because it was assumed, I was chosen because the country just elected an African American President and not because of my ability. While I recognized my own capabilities of being a strategic advisor for NASA’s mission of exploration, I cannot say I wasn’t called to prove my abilities constantly. This was frustrating and disheartening.

Tracy Barnes: One of your (many) notable achievements involved establishing NASA’s Office of Chief Technology Officer for IT “to focus on innovation and drive change through enterprise”. Did it help you achieve the goal of creating a single agency vision for what IT should look like? How did it happen?

Linda Cureton: As technologically innovative as NASA’s mission would suggest, the agency does not consider information technology as “technology”. Information technology is thought of as more tactical than strategic – like electricity, running water, or as one senior executive said to me, the toilets. I met a lot of resistance establishing the office of the CTO of IT. However, whether it was through stubborn persistence or blind courage, I persevered and agreed to add the “of IT” to the title.  The CTO for IT was able to advance an innovative agency vision for IT. One of the things I am most proud of, is the work we did to create what was to become OpenStack. We created a private/hybrid cloud solution internally named Nebula. My team opened the solution to the open-source community enabling what would become OpenStack. We worked collaboratively with industry, the agency’s legal officials, and the open-source community to accomplish this goal.

Tracy Barnes: Cybersecurity is an integral part of information technology for advancing, as well as maintaining the security of an organization. It is my understanding you have a belief about how cybersecurity fits into this process. Can you share with us your approach and how that experience influenced your work?

Linda Cureton: When asked to contribute to this blog, my first response was – I hate security. But why? I hate security because there is no such thing as secure. I feel that this is an unpopular position because CIOs or CISOs are always advocating that complying with specific practices will provide security.  This is fallacious. Back in the day, I favored continuous monitoring over the false confidence of compliance. I believed in no trust of the network and the need to implement protective measures as close to the data as practical. Today, I resist the fallacious notion of secure supply chains. We should presume insecure networks and supply chains developing strategies accordingly. My thoughts on cybersecurity strategy are inspired by the old movie “Star Trek II: The Wrath of Khan”. Young Starfleet cadets were given a test mission of the Kobayashi Maru – the no win scenario.  This test was only passed once, by the future hero James T. Kirk.  The only way to pass was to change the game. I believe that the cybersecurity game needs to change – otherwise, we keep losing and losing.