Karl Mathias settles in at HHS

Karl Mathias, CIO at the Department of Health and Human Services, in his office. HHS photo by Chris Smith.

The chief information officer at the Department of Health and Human Services talks about his priorities, the department’s effort to develop a new cybersecurity strategy and what keeps him up at night

Karl Mathias has been the CIO at the Department of Health and Human Services since March. The department’s last permanent CIO retired in mid-2021, and he took on the job after two people had served in an acting capacity. He was previously the CIO at the U.S. Marshals Service.

Mathias now oversees a $7 billion IT portfolio in a federated department with over 10 operating divisions, which include the Centers for Disease Control and Prevention and the National Institutes of Health. He recently spoke with FCW about his priorities and what keeps him up at night. The following interview has been edited for length and clarity. 

FCW: How is it going so far? What have you been working on?

Mathias: I can tell you what has surprised me. I knew Health and Human Services was a very large department. I did not understand just exactly how large it was.

I don’t think it’s any secret there has been a lot of turnover in CIOs, and they hadn’t had a permanent CIO in a while. You always wonder: What’s morale going to look like when you come in? It was a very pleasant surprise to find out just how motivated everybody is.

The mission here is the most compelling you could ever have, and now I understand why people are motivated — because HHS is here to save people’s lives.

FCW: As you mentioned, HHS has experienced several years of CIO turnover. How are you addressing that?

Mathias: Let’s talk about why the turnover occurred. Some of this was just about bad timing — that’s how I would describe it. People hit the end of their careers, and they’re ready to retire. Welcome to one of the things we talk about in civil service: the senior IT people starting to retire. Here it is happening in front of your face. 

The challenge for me becomes how to reassure people that I’m going to be here for a while. These are the guiding principles that I have, and here’s how I’m going to operate. Karl Mathias has no aspirations beyond this because this is what I wanted to do. I wanted this job, and I have very specific, very personal reasons for wanting this specific job. I intend to stay here. I’m not ready to move somewhere else. I’m not out job hunting from day one.

FCW: Why did you want this job?

Mathias: My daughter has a doctorate of nursing practice and is currently working as a rapid response nurse in Columbus, Ohio. My sister is a nurse practitioner who, after years and years of doing it, said that’s enough and now lives with her husband on the beach in Costa Rica. 

When they talk to me about their experiences, what they’re dealing with in the health care system, how services are delivered, I can sit here and whine about it or I get off my tail and go do something. I’m off my tail doing something.

FCW: What are your top priorities?

Mathias: There are the internal goals: What do I have to fix in my own shop, and what do I want to make more efficient? And then there are the departmentwide goals. Internally, the areas we’re looking at specifically are improving our ability to do acquisitions effectively and efficiently and find the best value.

Of course, every time you go to a new place, you need to learn how budgeting is done and then make sure that when we develop budgets, we’re well ahead of any deadlines, and even more importantly, we’re looking well ahead on the timeline. 

My goal is to knock down servers. Fortunately, I have CIOs who think along the same lines, and they’re busy going to cloud. 

For the external, departmentwide priorities, cybersecurity is, in fact, the top priority. What we are doing is developing a coordinated cybersecurity strategy. This is beyond the zero trust strategy that came down as part of the Executive Order on Improving the Nation’s Cybersecurity. That will certainly be encapsulated within this, but by September, we’re going to have a coordinated — across the operating divisions and staff divisions — cybersecurity strategy, saying these are the risk areas we see and these are the goals we think we need to pursue and the order we need to take them in. Then we will have initial implementation plans based on the priorities. 

The issue you run into is you have to consider: What can I do within the budget I have now? Is this something I should do a Technology Modernization Fund proposal for? There have been some within the department that have already been through even before I showed up and are in progress now. Or is this something we need to put in as part of a budget request to Congress? There’s some of that going on also. 

In addition, we could really improve our human resources automation. I’m partnering up with the new chief human capital officer to look at what’s appropriate technology to bring in to replace some of the more aging components.

FCW: The HHS Office of Inspector General recently concluded that the department’s cybersecurity program is not effective based on Federal Information Security Management Act guidelines. What’s your sense of the main challenges and what you can do to fix them?

Mathias: I do have some information, but I’m getting my full brief on that soon. We’re going to do a full comprehensive analysis of what’s going on with the FISMA report and where the weaknesses are, so honestly, I’m not in a great position to comment on it. 

FCW: The OIG has noted that the federated nature of HHS can make it difficult to get a top-down view of cybersecurity. What do you think?

Mathias: I’m not going to disagree with that. I do think when you’re federated like this, it makes it more complex to pull all that together and get that look. This is why we’re doing the cybersecurity strategy. We’ll be able to look at something as a risk and ask: Where are we? What do we need to do? How can we get better?

FCW: You mentioned acquisition being a priority. What’s going on there?

Mathias: This is more of an internal inside the Office of the CIO shop, just making sure that we’re more efficient. It’s one of those things where if you find yourself having to do a bridge contract because you didn’t hit your timelines, it’s telling you that you’ve got an issue you need to resolve. We’ve had a few of those.

This is boring stuff. I tell my staff I’m going to be the most boring CIO you ever ran into because I’m concerned about things like are we doing acquisition well? Are we doing appropriate types of contracts?

FCW: Anything else?

Mathias: If you want to talk about what keeps me awake at night and keeps other CIOs awake at night, it’s how do we get and retain our quality workforce. Money is important, and you do have to think about it, but you can draw in a lot of good people based on helping them understand what your mission is. 

The other thing is we run into common problems with bringing on IT talent quickly once we’ve identified somebody. That can be a real torturous process. 

How do I get the best workers, and how do I retain them? How do I keep these people motivated? That’s really what I worry about because if you take care of your people, they will take care of the mission for you. They will every time.

This article was originally published in the August 2022 print edition of FCW.
