OneGov Unleashed: How Direct Deals Are Supercharging Federal Cyber & IT Modernization

When Robert Costello, Chief Information Officer at the Cybersecurity and Infrastructure Security Agency (CISA), talks about GSA’s OneGov initiative, his enthusiasm is clear. For Costello, OneGov represents more than a procurement vehicle — it’s a tool for accelerating modernization, strengthening cybersecurity, and delivering better value to the American people.

Costello says that as a federal CIO, it’s a game-changer to work directly with cloud providers, software vendors, and original equipment manufacturers. Instead of going through multiple layers of middlemen, his office can sit down with industry partners, understand what they’re offering, and quickly see how those solutions fit CISA’s mission. This direct engagement allows CISA to embrace new technologies faster, improve its systems, and, most importantly, deliver effective solutions to the people who operate those systems every day.

“It’s about making sure we’re spending the American people’s money wisely,” Costello explains. By stepping up early when GSA announces new OneGov deals, his team can evaluate what’s available and modernize systems without wasting time or resources.

But Costello’s focus isn’t just on speed — it’s also on accountability and partnership. He points out that being a CIO today isn’t only about technology; it’s about understanding acquisition, budgeting cycles, and program management. Agencies often plan years in advance, and his job is to make sure contracts are run efficiently, deliver value, and perform as promised. “I always call our contractors partners,” he says, noting that both sides have to fulfill their roles to get the outcomes taxpayers deserve.

Direct dialogue with suppliers is central to Costello’s approach. He believes too many steps between an agency and its providers can create confusion, slow progress, and hide potential problems. By engaging face-to-face, his team can clearly communicate requirements, ensure vendors understand them, and move projects forward more quickly. That collaboration also gives CISA better visibility into the supply chain, which is critical as agencies try to secure increasingly complex systems.

Supply chain security is a major theme for Costello, especially when it comes to software. He is candid about the challenge of Software Bills of Materials, or SBOMs — the digital “ingredient lists” that describe how software is built. “I’d love to say I’m the CIO who figured it all out,” he admits with a laugh, “but it’s a complex problem.” He compares SBOMs to pharmaceutical manufacturing, where every pill has to go through a strict process before reaching consumers. Agencies need the same level of confidence in the software they use, especially when open-source components are involved.

Costello notes that sometimes agencies are still running code written years ago by developers who are no longer maintaining it — which creates risk. Understanding what’s inside their software helps agencies know whether it’s still safe and supported. CISA recently addressed this challenge by releasing new SBOM guidance in partnership with 18 federal agencies and several international partners. Costello calls it a great reference for agencies working to mature their software supply chain practices.

For Costello, none of this is theoretical. His team has been through several changes recently, and he says one of the most important lessons is that collaboration drives innovation. Being in-person and having real conversations with partners — whether industry suppliers or other federal CIOs — leads to better understanding and better outcomes. “The more we talk, the more we actually understand what’s going on in both worlds,” he says.

Ultimately, Costello views CISA’s work as setting an example for the rest of government. His office strives to model the principles it wants other agencies to follow — embracing modernization quickly, improving cybersecurity, and maintaining transparency and accountability throughout the process.

OneGov is a key part of that mission, helping CIOs like Costello modernize faster, cut costs, and improve security. But he is clear that this is an ongoing effort, not a one-time project. “We try to be a proving ground,” he says, using CISA’s experience to help shape guidance and policies for the rest of the federal community.