The CIO Crisis: Why Short Tenures Threaten Federal IT Modernization

 

September 2, 2025


Nick Marinos, Managing Director of Information Technology and Cybersecurity at the Government Accountability Office (GAO), sees progress in federal IT modernization—but also a long way to go. In a recent conversation on Fed Gov Today with Francis Rose, he explains why GAO is providing new CIOs with a kind of “cheat sheet” to help them quickly understand their challenges, and how those recommendations can shape the future of government technology.

Marinos begins by describing the context. Since 2010, GAO has made more than 6,000 recommendations in areas like IT and cybersecurity, and agencies have implemented about 80 percent of them. That success rate is encouraging, he says, but the remaining 20 percent still represent real risks. GAO’s letters to CIOs highlight those unresolved issues, giving leaders a clear roadmap from day one.

At the Department of Homeland Security (DHS), for example, the new CIO faces 43 open GAO recommendations touching IT implementation, financial management, and acquisition. Many of those items are tied to GAO’s High Risk List. Marinos calls the list of recommendations an opportunity: each one is a chance to reduce risk, strengthen cybersecurity, or improve how IT projects are managed.

One focus is cloud security. GAO urges DHS to fully implement requirements under the Federal Risk and Authorization Management Program (FedRAMP). Marinos acknowledges DHS has made improvements—especially in assigning responsibilities and using continuous monitoring—but he emphasizes the need for consistency across the entire organization. FedRAMP exists to provide agencies with confidence in their cloud providers, and GAO wants to see DHS fully embrace it.

Cybersecurity more broadly is also a recurring theme. Marinos points to work GAO has done on the Secret Service, including a review of its zero trust architecture. That review shows the agency is making “solid progress,” with several recommendations already addressed and more underway. He notes that DHS benefits from the expertise of the Cybersecurity and Infrastructure Security Agency (CISA), which not only supports federal components but also critical infrastructure outside government.

Beyond cyber, Marinos highlights acquisition and program management. GAO has flagged shortcomings in DHS’s Homeland Advanced Recognition Technology program, particularly around cost estimating and schedule assessment. Marinos stresses that these challenges are usually tied to agencies not following established best practices, rather than unique mission requirements. By adopting proven methods, agencies can avoid delays and even achieve financial savings.

Financial management adds another layer of complexity. Marinos explains that multiple stakeholders—the Chief Financial Officer, the CIO, program management offices, and component-level teams like the Coast Guard—must work together to modernize systems. That requires clear communication, defined roles, and accountability. GAO’s recommendations often focus on strengthening collaboration, because without it, vulnerabilities linger.

Finally, Marinos underscores the importance of leadership continuity. With CIOs typically serving only two to two and a half years, there is little time to build relationships or see a strategy through. GAO’s letters are designed to shorten the learning curve, giving incoming leaders immediate visibility into where progress is needed most.

Marinos frames the effort as both practical and forward-looking. By drawing attention to unresolved issues, GAO hopes not just to hold agencies accountable, but also to open dialogue with new CIOs. Early results are promising, with some CIOs already reaching back to GAO for deeper conversations. For Marinos, that kind of engagement is a clear step toward safer, smarter, and more effective government IT.

You can read the full report here


