Expert Advice on Public Sector from Mark Sydney

‘Because cybersecurity is a continuously evolving, challenging space.  Security needs to be operated as a continuously evolving service, not as a once off funded initiative. That doesn’t mean you shouldn’t run a catchup initiative, because if you have fallen behind then you might need a project type approach to uplift but then it has to be continuously funded.’
- Mark Sydney

Recently we sat down with Mark Sydney, an experienced Principal Consultant to discuss his extensive career in the public and private sector. We wanted to find out what he feels is important for government departments to support trust, engagement, and relevancy to citizens both now and in the future.

Mark has had an extensive career with approximately 30 years in the public and private sector. He has undertaken a variety of senior digital and technology roles, spread across operations, delivery, strategy, policy and assurance. He has held consultant, director, senior director and chief officer roles in a variety of government service areas including central government, health and elections.

In your long career in the public sector, what have you witnessed that would make a government department fall short of expectations in maintaining citizen engagement and security?
The number one enemy of meeting expectations I feel is needless complexity. To give you a specific example, we can take a look at all the National Parks websites for booking a campsite across Australia - there are some which are much easier to use than others yet they all provide the same service. You can see that some look like the early days of the internet whilst others are sleek and modern. Nothing disengages someone more quickly than something that is not contemporary or is overly complex. We live in an era where you can install and start using an app on an iPhone in one minute. The same issues are visible with each of the state’s COVID19 contact tracing pages or one close to my heart, Electoral Commission pages, I personally think that Queensland has one of the best now – but I might be biased.

I think for the second part I’ll focus on the privacy component of security, which is quite challenging and always will be. Many citizens think that government has this single magical data store, where it knows absolutely everything about everyone, however that not the case. There are some areas of government that are better than others when it comes to managing data but this can be due to a variety of reasons such as legacy systems, focused tactical services, etc.  An example of just how hard it is to do this right is appropriate sharing, security and privacy of child safety data within and between agencies.

What are the cornerstones that ensure successful implementation of new systems
Purpose, people, then process, the best projects I've seen are well defined and have a clearly agreed purpose, then they've had the right people involved, and then decided which process is the right delivery method.

Some work I led before I left government was about determining leading indicators for project failure, and the number one leading indicator of project failure is change of project executive (or sponsor). And so that's where I come back to purpose because it is determined by the project executive. So, I’ll stick with purpose, then people and then process as the most succinct answer.

What are the most common issues for government departments in maintaining trust with the public in regards to online threats?
There are a couple of ways of looking at this question, but I think the biggest problem is the general approach to security. By this I mean that people think that you can start a cybersecurity project, find the issues, act on it, then say “job done – problem solved”. This is unfortunately not the case, it means that if it took you six months to execute, instead of being two years behind you might now be only six months behind if you are lucky, you will always be behind – the only thing that changes is by how much.

This is because cybersecurity is a continuously evolving, challenging space. Security needs to be operated as a continuously evolving service, not as a once off funded initiative. That doesn’t mean you shouldn’t run a catchup initiative, because if you have fallen behind then you might need a project type approach to uplift but then it has to be continuously funded.  It needs to be seen as an essential part of your business, just like finance, HR or building maintenance for example. It needs to be a continuous exercise rather than a stopgap exercise as the risk profile is always changing whether we like it or not.

Have you witnessed a government department reach what's termed as digital maturity?
That is a big question – when I think of digital maturity, at the very least I look at it with the lens of front office and back office. When I joined the Electoral Commission, it took about nine months to complete a back-office overhaul. That involved moving the organization off an old version of Exchange into Office 365, and retiring other legacy platforms where possible into a pure Office 365 modern workplace where Win10 laptops were standard and nothing was held back by on-premise infrastructure. The entire team worked really hard to make it happen and the results were amazing – in a recent conversation with the CIO he acknowledged that due to the modern digital workplace approach they were COVID ready before we knew it existed.

When it comes to front office, I don’t feel that customers want cutting edge at any cost, they want contemporary – you don’t need to be the best, you should aim for second or third best. If it just so happens that you can give your customers cutting edge, because it is easy or that is your #1 priority, then by all means you should do that. Otherwise, there is no shame in coming second to the leaders.

Have you had experience with government creating ‘super departments’ from previously separate departments?
In Queensland we call them ‘Machinery of Government changes’ or MoG’s for short – there is definitely a cycle to it that is for sure. There really are no safe answers to this question, but I will say that streamlining and efficiency should be done regardless of MoG changes not as an expected outcome of a MoG.  One of the focuses we had in the QGCIO was to work towards making government systems “MoG proof” and cloud was a big enabler of that. These are sometimes simple things like unlocking systems from hardware life cycles or ensuring that every cloud onboarding exercise had a pre-determined exit plan. Where we refer to MoG proofing, meant that government departments are more change ready because the expectation was that there is always going to be change. What you implement is designed with consideration of change in the future. This is where micro-services can really shine but not without correct planning and design considerations.

What challenges do you feel the public sector faces in regards to online engagement in the next five years?
 I think the number one challenge is going to be about finding the capacity to keep things moving forward. There is lots of staff movement across the entire digital sector – which makes this harder.

 To do this I personally feel that we need to shift out of a project or initiative-based change mindset into a continuous service and product evolution mindset and that this fits nicely into having continuous smaller bite sized chunks of regular change.

What technology or strategy, have you seen recently in the public that interests and excites you? Makes you feel hopeful for the future?
The Government leveraging smartphones for direct citizen engagement like check-in apps has been amazing. I had conversations in March last year through the Queensland Government proposing that the Federal Government Covidsafe app should be QR enabled for check-ins which unfortunately never eventuated. When Australia initially moved to QR codes which led to Web Forms I just could see a whole bunch of privacy, personal security, and information management issues that were occurring as a result of us using ‘free’ tools from firms to collect data without controls and consideration for privacy, safety, confidentiality, etc. Things like the check in app is a fantastic change of the way we can do things digitally across government and society. Queensland eventually got there in February this year but as it turns out Queensland, ACT and Tasmania are all using the same app – which is something that I thought was really quite brilliant, efficient and effective.

Empired has helped our public sector clients achieve their goals of an efficient and streamlined workflow and enhanced citizen engagement. We have many experienced members of our team, such as Mark and can help your public or private sector business transform, upgrade your company's digital capabilities while also developing and maintaining citizen trust.

Contact us today to find out how we can help you.

We would like to thank Mark for his time and expertise for this interview. To contact Mark, you can find him here on LinkedIn.

For more information and to download our Public Sector eBook - Building Citizen Trust, click through here.