The public sector is a sprawling behemoth, doing essential work but plagued with legacy tech and inefficiencies. Those challenges are international, says Oregon’s Richard Appleyard.
The paths into IT are many and varied. Some of today's top CIOs worked in video stores, ticket offices and on milk floats before finding their career - and some always knew where they wanted to be.
"I've been heavily into computers all my life... One of the first things I did on my little BBC Micro computer was a piece of software for my mother's dental practice," says Richard Appleyard.
When we talked, Richard was CIO and CISO at Oregon State Police, but recently accepted a new role as Director of Information Design & Technology at the Oregon State Bar. He's also held senior positions at the City of Portland and Oregon Secretary of State; you might say the public sector is in his blood.
With a fifteen-year pedigree, Richard has seen plenty of changes, but one thing has always stayed the same.
"[The public sector] is very siloed, and you have a lot of divisions between the different government organisations. They're politically separate, and that creates those barriers, and then it's very hard to get everybody around the table to agree on a combined workflow process."
One of the biggest changes Richard has worked through, the mass migration of systems online, has helped address the sector's siloed nature, making it "easier to interact with government."
Despite that, state-run organisations are still "definitely on the trailing edge" of technology adoption and development.
A lot of this stuff is put in for good reason, but it's never developed comprehensively
The people and process pillars can smooth communication lines between departments to address siloes; but that still leaves technology as a sticking point.
"A lot of this stuff is put in for good reason, but it's piled upon previous stuff, and it's never developed, so it grows organically. It's never developed comprehensively."
Part of that is due to momentum, a common challenge in both private and public sectors.
"Everybody tends to think 'This is the way I've done it for a decade or more', and they have a hard time [visualising something different]…
"If you can't do that business process engineering, if you just lift your old process and stick it in the new system - which we do, I think, a lot in the public sector - then you've obviously removed the problem of ageing technology, but you've not really taken advantage of the technology to do things differently and more efficiently."
Even more than the private sector, securing capital to keep technology up to date is difficult in government, especially as everything needs to be justifiable to the taxpayer. That can lead to short-termism - a challenge that also affects UK government services.
"Some of this technology just requires that more forward-looking [investment], and putting that into the budget going forward," says Richard.
"What I've seen over my career is typically a more reactive process - so something will fail and then everybody will find the money and move it in. But to be more proactive and address things in a planned way is often times more challenging."
To move away from short-term thinking and start future-proofing IT requires strategic planning and governance, helping IT leaders to both assess costs and be realistic. In this way they can move away from the quick fix model and start thinking about total cost of ownership - while also taking government budget cycles into account.
"I think there's an effort at the state of Oregon to do more: trying to get into that level of presenting longer term plans to the legislator to get buy-in and funding.
"That will help be more proactive and less reactive."
Who watches the watchers?
Like the rest of the world, public sector IT's immediate future lies in the cloud - but technologies like blockchain and AI will take longer to reach the mainstream.
"I think we're struggling with some of those emerging technologies... I'm still wrestling with, as a CIO, how do you manage this new technology and what development process and guidelines do you have around it? Because it's kind of new. We're very good at programming lines of code, we're not very good at understanding how to train black boxes."
The black box issue - systems that produce outputs with no indication as to how they reached their conclusions - is a hot topic, especially as tech vendors rush to put out products using AI. Private sector CIOs might hold their noses and accept that, but the public sector is subject to strict controls.
"It's challenging in terms of getting those standards around contracting, and security standards, and ‘Who's checking the vendors?' A lot of times they'll call ‘proprietary' or ‘intellectual property' and say, ‘You can't look there.' It's like, yeah, but I need somebody to look. Someone needs to be checking that you're dotting the I's and crossing the T's, and security, and keeping things up to date."
To prove his point, Richard tells a story of taking over a vendor's proprietary software at one of his previous jobs. When they looked at the source code, he says, it was "like spaghetti."
"So yeah, just because it's being managed by a professional vendor - well, vendors cut corners too."
The future of public sector IT, he thinks, will emphasise oversight, regulation and standards compliance - and it will all have to be built into supplier contracts. Although probably not smart contracts...