"You will sit at the table"

Al Tarasiuk's appointment as the CIA's CIO took place on Oct. 1, 2005 (former Director Porter Goss appointed Tarasiuk). In his first year, however, Tarasiuk was seemingly handcuffed. "I had ideas [about transforming IT] when I first became CIO," he says, "but the environment wasn't aligned in a way where I could launch on these ideas."

Since CIA Director Gen. Michael Hayden took over in May 2006, the "transformation" theme of the Tarasiuk era has not been subtle or kept quiet inside IT on a mission statement: Cut the bureaucracy and be more businesslike via stronger IT governance, more disciplined project management, greater data sharing and more openness to try new technologies. Hayden has demanded as much.

"What we had prior to that was some configurations of corporate [IT structure], but we didn't have the business side—what we call the mission side—really fully engaged in big decisions about how we spent our money on IT, how we deal with information policies and things like that," says Tarasiuk, whom Hayden realigned to a direct report when he took over. "My role was to do that."

Tarasiuk created and chairs an Information Governance Board, which meets quarterly or as needed to make the strategic IT decisions for the agency. Hayden "demanded that because of the problems we've had in the past, because of who actually participated [in making IT decisions], he said to the business leaders, the mission managers, 'You will sit at the table,'" Tarasiuk says. "So the support of the top leadership has been very important in making sure that board is effective."

The four divisions inside the CIA are: Directorate of Intelligence (the analysis arm); the National Clandestine Service (the spies); Directorate of Science & Technology (which develops technologies to support the mission—think "Q" from James Bond movies); and the Directorate of Support (HR, finance, logistics, legal and other functions). For the most part, these CIA leaders appreciate being involved in the IT decision-making processes, Tarasiuk claims, even though "not all of the decisions go their way."

For example, Tarasiuk forged what he calls an enterprise data layer strategy that enables those who have need and permission to access CIA data can do so. One part of the strategy is IT-related: Tarasiuk notes that service-oriented architecture (SOA) technology has been one key piece.

The other, and much more difficult, part has been process change. "We're making corporate policies on how data is going to be managed, and we're not going to allow little fiefdoms anymore," he says, "where data is managed and protected and policy and regulations are set by some local manager at the lowest levels of the organization."