Developing Resiliency

  • Published
  • By Bennie J. Davis III
  • Airman Magazine

 

Maj. Gen. Patrick C. Higby is the director of DevOps and lethality, Office of the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics. In this role, he devises and implements strategies to responsively combat cybersecurity threats while rapidly delivering cyber, digital and information technology capabilities to the point of need.




During an interview with Airman magazine, Higby discussed his mission and responsibilities and the roles of DevOps, cyber resiliency and diversity in increasing Air Force readiness and lethality.



Airman magazine: Can you summarize the objectives of your office and how your responsibilities in DevOps and lethality pair together to impact the National Defense Strategy?


Maj. Gen. Higby: In my first meeting with Dr. Will Roper, assistant secretary of the Air Force for acquisition, technology and logistics, he also had a question about my duty title, which was something totally different, but really didn’t resonate with what was trending and what was gaining importance. So, we were struggling with what’s the right way to capture my role.

My role is to nudge the culture in a different direction, not just the culture in the Air Force, but the culture in the Pentagon in general, with all of the politics, stove piping and the other challenges we face sometime when we try to do something agile in DevOps. So, we came up with DevOps as being part of my title. And when I say DevOps, I include DevSecOps as Nick Chaillan, our chief software officer, always reminds me. The “Sec” adds the security aspect.

DevOps of 15 years ago wasn’t necessarily very security minded. Today when we say DevOps or SecDevOps, there is a big security aspect to it as you develop code and then deploy the code.

The lethality piece is there to influence the message, especially to our industry partners, we’re not just doing this for some admin system, this is war fighting. This is giving American men and women and our coalition partners the edge against the enemy to make sure we hit the right targets, we don’t inflict unneeded casualties and also protect our lives in combat.

Lethality is a balance it’s not just inflicting on the bad guys, it’s also preserving your own force.


Airman magazine: How do you define DevOps and what it means in the actual development of programs and weapons systems and what does that mean to the warfighter?


Maj. Gen. Higby: DevOps came out of the software and coder world in what some would argue the eighties and nineties, so it’s been around awhile.

The concept was that the developers that are writing code or software packages, they were historically not well connected with the operators, either the operators of the network or the operators that were going to consume that code.

What DevOps endeavored to do was to bring the coder and operator together. So, you have a very well-integrated team where you’re continuously checking with each other on what’s needed and what do we have to do and you are continuously delivering product.

The idea is that you have a continuous pipeline of valuable product, in this case software code, but you could apply this to anything that’s continuously being updated based on the needs of the user of that product.

In many cases what we’re delivering to them (the warfighter) is a pristine rotary dial telephone system connected to a landline and in their private lives as Airmen, Soldiers, Sailors or Marines they’re using iPhones. It’s like, I joined the military to have this high-tech experience to do good things and schwag bad guys and I’m burdened with this old technology.

And so, what do we owe our young men and women that have vowed to put their lives on the line to defend the constitution of the United States. We owe them the best technology that America has to offer. We have many industry partners that are alongside and stand strong in that message to say, we want our American fighting men and women to have the best technology available. And that’s not a rotary dial phone, it’s an iPhone that is continuously getting updated, getting new apps, getting refreshed, getting new security hardening, put on it continuously. 


Airman magazine: What has been the traditional rift between the engineers who develop software iterations and the people who use these products in the field?


Maj. Gen. Higby: The rift has been it’s not delivered quickly enough at the speed of need. And so what DevOps or Agile, what that replaced was called the waterfall process where you have lots of intelligent engineers that are very capable and they come up with something that then gets delivered to the field.

The process takes a long time because you’re deploying a full solution vice, a prototype or a minimally viable product. It’s the full up solution that you’ve invested 10 years of work and billions of dollars in, you’d get it deployed and that’s the first time that the warfighter gets to use it and they’re like, wow, this needs a lot of work. Then it would go back to the engineers and then they’d come up with a “B” version that would take another 10 years and so on and so forth. In today’s environment at the velocity of change, the acceleration of change, that’s just not a viable architecture to have.

That’s why Agile development and then later on DevOps and DevSecOps, caught on, not just an industry, but in the Department of Defense and in the joint fight.



Airman magazine: Is this why Dr. Roper talks continuously about the fact that speed is the most important aspect of development of weapon systems? 


Maj. Gen. Higby: That’s exactly right. The challenge with speed is that implies more risk and as you know, the Pentagon, is very risk averse. No one wants to be the one that leads failure, so there’s a reluctance there and that’s part of the culture change of nudging people to be more comfortable and accepting risk. It’s getting that minimally viable product out there, vice always talking about the perfect solution, that we’ll get in a couple of years. No, give me something now that works and then I can give you immediate feedback on it and we can continue to iterate. 

I’ll even reach back to historical examples in the P-51 Mustang and the German Fw 190 fighters of World War II. If you look at the history of how the P-51 came about, I would argue that’s a DevOps case study.

That came about with a minimally viable product built in the United States by a start-up company that was put out into the field for the British. It wasn’t quite right and then all these other ideas came along; can we put a Rolls Royce Merlin engine in there? Can we do this? Can we give it this kind of Gunsight? Next thing you know, you have one of the best fighters on the planet that helped us win WWII.

Now, did it still have shortcomings even when it was mature? Sure. It wasn’t well-suited maybe for the Pacific domain where you had to travel long distances. It didn’t have all those navigational aids that some of the more expensive, larger fighters did, but in terms of what we needed it for at the time, which was bomber escort to defeat Nazi Germany, it was the perfect system. And it could go beak to beak with enemy fighters and come out on top. 

That was industry and coalition partners taking risks, making stuff happen. Then suddenly it dawned on the United States as our bomber crews are getting slaughtered that if we had some of those P-51s it would be a game changer for our air war against Germany.



Airman magazine: So, what you’re saying is that what you’re attempting to do now in nudging this culture change, that it’s not a new culture? 


Maj. Gen. Higby: It is not new, this has been done many times before. Today we call it DevOps. Five years ago, we were calling it Agile. Industry has been calling it DevOps for quite a while, but a lot of these concepts aren’t new. It’s just the getting out of our box that we sometimes get ourselves trapped in – we have this and we can’t change now because it’s too risky. 


Airman magazine: What are the benefits of developing systems this way for the people in the field and how you would explain that to somebody on Capitol Hill who is holding the purse strings, making the decisions on the money? How do you explain to them that allocating a certain amount of money and taking risk at the front end is actually a better way to safeguard the taxpayer money than doing it the old way?


Maj. Gen. Higby: The best way to convince them, I believe, is to build trust through some successes. In a real DevOps risk accepting environment you are going to have failures, but you want those failures to inform the next success. After you do it for a while you can point to some successes like the modern-day P-51 kind of stories and we have several of those, not just in the Air Force, but in or other services.

One of those stories that we like to celebrate is the original DevOps software package the tanker (air refueling) planning tool grew out of. We were doing things in a very industrialized way in our combined air operations centers with grease pencils and white boards trying to schedule aerial refueling by hand. Then with some lines of code, working with the people that were actually using this planning tool and you create a product that saves a lot of man hours and comes up with a better solution in terms of planning where to put your tankers to conduct a certain portion of the air tasking order and taking the fight to the bad guy.



This degree of automation and using an algorithm to figure things out is way faster than having a bunch of very smart people doing it the old-fashioned way. That’s just one example. There’re many others like that, but, those are the ones we need to continuously be pointing at to show Capitol Hill, hey, this works.

We also have to let them (Capitol Hill) understand that when we started this, we weren’t quite sure what the end solution was going to look like and that’s the other big hurdle. I don’t necessarily know where I’m going to end up when I start with something.

So, projects continuously changing as they go forward. So, what we think might be the destination today, five years from now, we might be over here somewhere better than we thought we were going to be. I don’t want to trap the DevOps teams into, you have to end up here, because somewhere else might be better.


Airman magazine: You mentioned the tanker planning tool and how much money that ended up saving and how it was one of the success stories we could go back to Congress and say, “Look, we took a risk on the front end, but here are the payoffs.” So, could you please explain a little bit about 804 and OTA has acquisition authorities and how that kind of goes hand in hand with the DevOps thing. How do you explain to someone who’s been on Capitol Hill for a long time, what the advantages are of making those mistakes at the beginning and spending money as you iterate instead of one big large chunk? 


Maj. Gen. Higby: Right. OTA, other transactional authority, that’s what OTA stands for. There are two flavors. There’s the prototyping flavor and the experimentation flavor. Let me rewind, you can do either, you can take a product that’s already in the commercial sector and say we’re going to buy this and we’re going to experiment with it and see if it works.



A good historical example is the M-16 rifle, a Vietnam era, the first plastic rifle, put into combat. That was done under an OTA. So, these (OTAs) aren’t necessarily that new. The 804 (Section 804) Middle Tier Acquisition (MTA) authorities, so that is trying to get after these middle-tier programs, so not the super big programs, but sort of the middle-tier programs. 

We don’t need all this excess of documentation that’s been inflicted over years. Because again, historically, when you look back at programs that have failed, those failures usually end up in some kind of legislation that tries to point at, “this is what went wrong in that program.” Now we’re going to write a law to prevent that from happening and that volume of laws has continued to grow and grow and grow to the point where now when you try to do something fast and you’re confronted with all those laws, it makes it really hard to go fast. And that’s what the 804s were supposed to be incentivizing.

In the Air Force, we dove full in and we had, I don’t remember the count, but it was dozens of programs that went down the 804 path and saved a hundred years of labor and acquisition timeline and cut that out. That gets delivery of capability of the warfighter faster. That’s what we’re trying to do and the 804 does that.


Airman magazine: You mentioned the fact that it not only applies to programs being developed from the ground up, but programs that are taken off the shelf that already exist and are augmented, you said the M-16 rifle, but does the newly acquired MH-139A Grey Wolf helicopter fit into that? Can you talk about that a little?


Maj. Gen. Higby: I would argue it could. The question on helicopters is, do I need to develop an all-new military-specific helicopter or can I use something that’s already in the civilian market that already has shown reliability, make the few minor modifications to it that I need for its military applicability, and then put it out there, begin to use it and then begin to iterate? There are many opportunities to ask this question from firearms, all the way up to helicopters and maybe even (flight) trainers and aircraft.

Part of this also is when we look at our defense industrial base, are there opportunities to bring along smaller companies that have some very genius ideas that we could use in the Department of Defense to help our mission that are also then viable in the commercial market.



And that’s another tack Dr. Roper is taking. Can we, the United States Air Force, become like a venture capital company, where we look out, we see this small company that has something and we’re like, “Hey, we could use that in the Air Force?” But, I don’t want to create another defense contractor where your only customer is the Air Force. I want you to also be viable in the commercial marketplace with that product. Now we might use a version of that product that’s adapted for military use, but in general, whatever you’ve got is going to be commercially viable as well.

There are tons of opportunities in the United States, with our intellectual capital, which I think is a strategic competitive advantage vis-a-vis some of the adversaries that we talk about in the national defense strategy.


Airman magazine: Before we move on, is there anything just on the general concept of DevOps that you want to talk about that you think we should have asked?


Maj. Gen. Higby: The one challenge with DevOps is there’s a temptation again in this building (the Pentagon) where we’re always looking for efficiencies. There’s a temptation to see DevOps as a money saver. I have to speak up about that because DevOps is not about saving money. DevOps is about being more effective for our warfighter, being more lethal for our warfighter.

You have to understand that when you roll out this minimally viable product, it could be an app for your phone or it could be a software module for the combined air operations center or anything like that, that continuous delivery and continuous integration continues and you’re always have a DevOps team that’s taking care of that product. So, when you think in the old term of sustainment and you’re making improvements, that comes at a cost.

You’re paying those people to be the caretakers of this product and to continuously be engaging with the users of the product, daily. And then employing new software updates could be daily, it could be multiple times a day if you’re doing extreme programming, but daily, weekly, monthly, and then maybe as, as the product ages you’re only doing a release once a year and you might not need as much human capital bandwidth to be paying attention to it. But it’s not a widget that you deliver and then you’re done.

DevOps is continuous, so the sustainment tail, as we call it in the industrial age, that sustainment tail is still there. It’s just that sustainment tail is now different in the sense that you’re not just sustaining the current capability. You’re continuously improving the capability up to the point where the operator or the user of the product says, “Hey, we think we need something different now.” And then you got to spool up another DevOps team to say, what do you need? Where do we go? What’s this new thing you’re trying to do? What’s this new capability you’re looking for?



Airman magazine: Can we explore a tangential perspective on that? A lot of warfighters that we spend a lot of money training in various disciplines have spent a lot of years saying nobody listens. Now people are listening on a weekly, sometimes daily basis about what they need to do their job. Is this a positive influence on retention?


Maj. Gen. Higby: I think it absolutely is because you’re giving the warfighter direct input into the tools that they’re using, sometimes in life or death situations. And, it’s being done with all of that bureaucracy abstracted away because your DevOps team, whether it’s in a software factory like Kessel Run or whether it’s a dedicated team to some specific mission, that DevOps team is a close-knit group and they are making stuff happen and adjusting capability the way the warfighter wants it with the warfighter right there.

That’s the amazing thing. Now again, you can study, you can look back in history and any of the successful programs that we’ve (Air Force) done, it’s usually predicated on a small team that’s protected from the bureaucracy that’s given a mission to do and they’re usually successful.


Airman magazine: So, let’s shift gears a little bit and get you to put your cyber hat on. Your job takes what appears to be the two foundations, the first bricks that are necessary in building an Air Force of the future and that’s acquisition reform and incorporating cyber resiliency from the very beginning. Is that correct?


Maj. Gen. Higby: So, cyber resiliency in simple terms is making sure you can get your mission done no matter what happens in cyberspace. In other words, no matter what happens to your computers or your phones or your RF links, you can get your mission done. That’s really what cyber resiliency is about.

Now, when you look at the original cybersecurity standards, they all had aspects of that in there. In civilian terms, we’d call it continuity of operations or continuity of business operations. And so those of us that went through our security plus training and CISSP (Certified Information Systems Security Professional) training, all those aspects of cyber resiliency were already there. But, the idea is to quit thinking just about cyber resiliency in terms of, I’m on a computer, I need cyber resiliency. It’s, I’m doing a mission and that mission is very reliant on what’s happening in the cyberspace domain, so you better make sure that you have some of those aspects of cyber resiliency built in.



And again, some, some of this thought is still being developed. A NIST (National Institute of Standards and Technology) is on the verge of publishing Special Publication 800-160 Vol. 2, which is 14 different techniques to achieve cyber resiliency. And it’s everything from, do we have divergent or diverse paths to communicate with, all the way to are we doing a good job deceiving the adversary so that they don’t have the easy targets to poke at because we’re constantly putting up false targets and decoys and honeypots that they might be tempted to go after within the cyberspace domain.

But then there’s PACE planning, primary, alternate, contingency emergency, that is an aspect of cyber resiliency. So, I have a primary way to get my mission done, that primary way I’m going to take advantage of all those great electronic systems and computer systems and AI machine learning that’s available. But, if any one of those or all of those go away, I better still have an alternate way of doing the mission and then a contingency way and then an emergency way.

So, I may start off with a very elegant high-tech kind of strike and the emergency way may be, we’re back in the agricultural age and we might have to take Spears and go fight the bad guy. So, the idea behind resiliency is you’re going to fight to get your mission done, no matter what happens.


Airman magazine: Also, could you talk about the Cyber Resiliency Office for Weapons Systems or CROWS office and how this all works together?


Maj. Gen. Higby: The CROWS stood up in 2016, I believe, and it was in conjunction with a cyber squadron initiative, which called out this entity called a mission defense team.



So, the thought was we would have mission defense teams at the tactical edge associated with a specific mission capability, be it F-16s (Fighting Falcons) or Air Operations Centers, B-52 (Stratofortress) bombers, tankers or presidential airlift support. All of those have mission defense teams associated with them. Again, they’re at that tactical edge that can detect something is going on here, that invisible hand or that obscured hand from the adversary. They’re the cop on the beat that sort of knows what their neighborhood is supposed to look like. They’re the first ones that can see that window over there isn’t supposed to be open, let’s go investigate.

So, they go in with the flashlight, they investigate and “holy cow” there’s somebody in there, where do you go with that? And so, the CROW stood up as sort of that interface, especially when you talk about legacy weapon systems.

Take the F-16, which are very cyber dependent as we’ve learned in the last 10-15 years. How does that team, that cop that’s on the beat that says, there’s a window open in that F-16 software that shouldn’t be open, how do you get the right experts, engineers and PhDs involved that may have built that system or designed that system and facilitate a very quick turn response to that? The response could be a whole number of things. It could be, we need to ground that asset for now. We can’t fly the next sortie because the risk is too great. It may be, I think we can still fly with that vulnerability in place because we have other work arounds.

Again, back to that resiliency discussion. It may be, we can deploy some code very quickly and shut that window and get the adversary out of the system. But you need the expert that built that system originally to be in that discussion.



We really want the CROWS to be that interface to the real expert of a given weapon system, whether it’s an aircraft, a missile, a helicopter or whatever, to understand, if you’re going to tweak this, it may have these other consequences to it. And then make that risk decision. Grounding the asset is not always an option, we have to launch because we have other actors that are dependent on us striking a target.


Airman magazine: Cyber was involved in everything we do. How does the Air Force get that level of education raised? That sea level of understanding about how cyber influences everything that we do across the entire force.


Maj. Gen. Higby: We do have a cyber (Air Force specialty code), a tribe of cyber professionals that are trained to do that. But as you said, cyber affects everything.

So, now the question is how do I open up that aperture to find more cyber talent that we may have on the force that we’re not aware of? And so, we came up with the concept of a cyber aptitude test. So just like you test for different aptitudes like spoken languages, you can test for cyber aptitude and you might find cyber aptitude in unusual places.

It may be a fuels troop in an LRS (Logistics Readiness Squadron) at a base somewhere that on the side, tinkers with Raspberry Pis and develops apps for phones. That’s probably the Airman that you want working to look at (creating) the digitized fuel pump that’s pumping fuel to the jets when they’re in the hot pad. He or she is probably the good beat cop to have on the mission defense team to say, “Hey, somebody is messing with that fuel pump” and I might be able to circumvent it right here on the spot and allow the mission to continue without having to escalate up and get those higher-level SWAT teams to come in.



Then there is modularized training and we began rolling that out in 2014, allowing some self-paced training. So, a certain module might be really easy for me, but might be really hard for you. Let me go through it at my speed and then the next module, it might be the other way around, but don’t limit the learning. If somebody already has the skills, I don’t have to have them relearn it at the school house. We can do it remotely. We can do it through things like YouTube videos.

All of that is now becoming available to our Airman. So, any Airman out there, on the chief software officer’s webpage (software.af.mil), there’s a whole bunch of training modules about DevOps, for example.

So, if you’re that LRS Airman fuels troop and you say, “Hey, I hear all this DevOps stuff and ‘Containers’ and ‘Kubernetes,’ what does all that mean? All of that is available to them.


Airman magazine: How important is it making sure that that cyber resiliency not only extends to the finished products, the war fighting systems that we use, but the supply chain from all the contractors and all the various companies that supply parts from various locations?


Maj. Gen. Higby: That’s a huge challenge. I was actually involved with our general counsel office because they were seeing the same concerns across the supply chain.

So, we’re building a new airplane or a new pod for an airplane. That system relies on a lot of integrated circuit boards, processors, chips, chipsets and timing clocks that all come from diverse places. And how do we assure ourselves that when they come together that they inter-operate properly and that there isn’t some kind of malware or malicious code or backdoor baked into them that the adversary could then use in the future to defeat that weapon in a way that would surprise us.



That is hard. Now again in the commercial sector this has been a concern for a long time too and there are companies, some pretty big-name computer companies, that have pretty good supply chain resiliency and supply chain monitoring making sure that you can track where a given product was made and if it was made in the right place by the people with the right clearances.

So, there are techniques out there. The challenge for the Air Force, since we don’t tend to make our own pods and airplanes, is we usually rely on an industry partner and what’s the right balance for us have that industry partner get the help they need, when they need it, but also to be open to communicate to us when they have concerns.

We have an Air Force asset, but it works for the entire Department of Defense, the defense Cyber Crime Center, under the Air Force Office of Special Investigations that specializes in just that kind of stuff. And I believe their role will increase in the future as we move forward. They need more staff and help and all kinds of things too. They’re the right experts that can look at a given component and say, this has something in it or this is behaving in a way that it shouldn’t, so they can detect some of that as well and then find ways to circumvent it and then upstream consequences for whoever the person was or the entity was that in injected that into the supply chain.

Our supply chain is a big concern not only for DoD, but for our industry partners as well.



Airman magazine: What kind of things are being undertaken to try and attract new cyber talent and to retain our talent?


Maj. Gen. Higby: There’s a huge number of initiatives. One that I mentioned, again, the cyber aptitude test of finding talent and places where you may not think it exists.

So, there may be a young man or woman who grew up in the mountains of Appalachia that didn’t grow up with iPhones and computers. But, maybe they have a natural gift, they’re a gifted musician perhaps. And guess what gifted musicians sometimes make really good coders. Unless we can expose them to a cyber aptitude test, we won’t know that they have that ability. Then we could say, you scored really high in this thing, would you like to join this team that’s doing big important things for our country?

I think even today, despite all the bad rap that millennials get, there is a desire to be part of something that in our generation would call bigger than yourself, so doing something for the greater good.

There are still young Americans who are willing to step forward and do that. The key is attracting them and once we attract them, we know we’re not going to retain them by paying them more.

I can’t compete with the big-name companies in Silicon Valley in terms of financial compensation, but what I can compete with is the coolness factor of the mission. Hey, you’re doing something here that’s either saving American lives or making Americans that are in combat somewhere more effective in protecting our constitution. There are American millennials and the generation after them willing to do that.

The challenges, what’s the environment that they’re going to come into? Are they going to come into that environment where we hand them the rotary dial phone tethered to a cable or we are going to bring them into the force that says, here’s the iPhone or whatever that we’re going to issue you a basic training? Your orders are on there, all your personnel files are on there. Your training, a program that you need to go through is on there. The links to all those YouTube videos, it’s all on there. Where you need to go to get your uniform issued, that code or that app is on there. That’s the experience that they should be having. Not here’s your big rotary dial phone with the cable attached and then you need all these pieces of paper to go over there to get your uniform.

So, it’s on us to make that environment conducive to the generation that grew up as digital natives where we don’t bring them into an analog world, because that’ll be a turnoff very quickly.

It comes down to understanding our Airmen and the two biggest and in all of the retention surveys I’ve seen the results of, the two big factors that stick out is, one, does the Airman feel tethered to an important mission? That’s a huge retention factor.

And then the second is the Airman’s relationship with their supervisor? The frontline supervisor, not wing commander, that’s not MAJCOM commander, that’s not the chief of staff or the Chief Master Sergeant of the Air Force. That is your frontline supervisor, the person that you’re interacting with every day. If that is a good relationship and that frontline supervisor is keeping you inspired about the importance of the mission you’re doing and how that plays into doing something bigger than yourself, you’re going to stay on the team.


Airman magazine: I would imagine the key to retention too is after you’ve trained them up to do these cool missions, is not having Airmen stuck doing housekeeping things. Can we talk about how (artifical intelligence) fits into this conversation?



Maj. Gen. Higby: Our enlisted career field for coders, 3D0X4, we have a number of case studies where this good coder gets to go to Kessel Run and work on the tanker planning tool for example and absolutely love it.

They’re doing paired programming with the industry expert attached to their hip learning together, growing together, creating code that’s being used. They’re talking to the war fighter that’s actually using it on a daily basis. It’s a very rewarding experience and then after their six-month TDY ends, they go back to their base-level communication squadron and they’re a SharePoint administrator, which is not necessarily what they signed up for.

Now, does SharePoint need to be administered at that base? Absolutely it does. But, maybe now we have enough talent in that Airman where they could use something like an algorithm or some kind of machine learning tool to automate the SharePoint administration aspect and then free themselves up to do the DevOps full time, vice having to do a lot of the laborious housekeeping that could be done through code or through an industry partner.

If you look at the AFNet today and I think most of us that are working on the AFNet would agree, it is a complicated, convoluted mess. It’s overly complex and in terms of the user experience, if you ask most Airmen, how would you rate the AFNet? They’re not going to give it good grades.

What we’re trying to do now is get some of those industry providers that provide service for the commercial sector, for our civilian lives, to bring that experience into the Air Force and have them run the network at a base or have them run the network in a given region.

So now you get the same user experience that you like in your private life, you now get that at work as well instead of staring in the blue wheel of death, waiting for something to load.



Airman magazine: Let’s talk about our civilian Airman, the Air National Guard units. How important is that? When it comes to DevOps and contracting, acquisitions and cyber to have people out there getting real-world experience in a different vein and bringing that cross pollination back into the force.


Maj. Gen. Higby: That’s always been a huge success story for the Air Force between our total force as we say, “Guard, reserve and REGAF (regular Air Force).” In the guard and reserve, there is so much untapped talent, it’s everything from coders all the way through to pilots. If we can find the right ways to tap into that talent at the time of need, I think it would make us a much more capable Air Force.

Some functional areas have figured that out. It’s hard because again, a lot of these total force Airmen have civilian jobs and I can share anecdotes of say a cyber security officer for a high-end Fortune 500 company in civilian life, but they’re a defender for security forces in their guard role. I ask, “Can I make you a cyber Airman? And the answer is, well, I don’t want to do all that cyber stuff. I want to be in a foxhole with a gun.

We have to figure out what are the right incentives for someone like that to say, okay, I’ll leave you on the security forces side, but can we leverage some of your cyber talent to make that SF unit more capable? Because you can do some DevOps things to manipulate the base defense cameras or a system that detects non-ferrous materials coming into the base. You can manipulate those systems in ways to maybe have a quicker response or more capable response and you’ll still get to carry your gun and lay in the foxhole on the weekend if that’s really what you want to do.


Airman magazine: You have stated that your career field pyramid is inverted. What does that mean and how is that being addressed?


Maj. Gen. Higby: When I was the cyber career field manager two or three years ago, this was one of the challenges on the officer’s side. It ended up that in our inventory we had more field grade officer positions than company grade officer positions.

Normally in the military hierarchy, you would have more CGOs then you pick the best and promote them up and so you have a pyramid. The biggest hit was probably the PBD720 force shaping cuts of the 2008-2009 timeframe, that harvested a lot of the CGO positions. And so the cuts weren’t necessarily laid in a way that made sense in terms of that pyramid. That’s where you end up and in some cases it’s a good opportunity, where a captain fills a major’s position or a major fills a lieutenant colonel’s position and they can work at an echelon higher than they normally would be able to. Some do really well at that and it’s a great opportunity, but that’s something that needs to get fixed.



I know Maj. Gen. Kevin Kennedy, who replaced me, that’s one of the challenges that he’s looking at is how do we right size that and are there places where perhaps we can trade FTO for CGO billets and fix that manpower map.

Our manpower system in the Air Force is an industrial age system and it is something that our A1 team (manpower, personnel and services) is struggling with, as well as figuring out how do we get into the DevOps and Agile age? I know Lt. Gen. Brian Kelly is working hard on that and trying to come up with different ways where we don’t get trapped in the old thinking of it has to be a pyramid. There may be cases where if you’re working as a team, it doesn’t have to be a pyramid and we can leave our rank at the door, so to speak.


Airman magazine: Does getting away from being a one mistake Air Force enter into that?


Maj. Gen. Higby: It certainly does and especially when you talk about the risk appetite that’s required to do DevOps or Agile, you have to be able to celebrate those failures.

Now again, I’m not talking about breaking laws and committing crimes. I’m talking about taking a risk on something and it ends up not working out. Failing forward, that’s the term that the chief (Chief of Staff Gen. David Goldfein) likes to use. It’s what do you learn from that failure to enable your next success.

Over history, there’s plenty of examples of people that have failed and failed and failed, but they keep trying and then eventually they hit that big success that makes all those failures pale in comparison. We’re talking about venture capital and venture capital is predicated on a lot of failures. You invest in a hundred different things as a venture capitalist waiting for that one big one to be the breakthrough. Ninety-nine of the rest aren’t going to make you any money.



Airman magazine: So how about you, if you don’t mind us asking, what did you learn from your failures? Has there been a failure in your career that has affected the way you lead or affected a project or something that you were working on?


Maj. Gen. Higby: Yeah, my career is replete with many failures. I’ll share one from when I first came in the Air Force and all of my failures in the Air Force, as I look back now, they have sort of a common theme and that is that I didn’t rely on the team in the way that I should have relied on the team.

My first duty station was at Fort Meade, Maryland, in the Musketeer Program. We didn’t use terms like cyber or DevOps at the time, but that’s essentially what we were doing in the musketeer program. So, I was given this assignment as, as part of a team. So think back to 1990, The Soviet Union has come apart, but they still had a very capable military and they were doing something like out of a Tom Clancy’s Hunt for Red October novel. They had something they were doing to non-acoustically detect submarines and that was very worrisome for us. I was assigned to this project to figure out what they were doing.

We figured out they had some airborne assets that were emanating a certain kind of signal and so I was assigned to figure out in three months how to correlate where the aircraft was so we could figure out what that power pattern polarization actually looked like coming from the aircraft. In other words, I had to figure out how to track the aircraft.

So, we’re deploying in like three months and I’ve already wasted two months and I’m at wit’s end. Nothing is working. And the whole team is relying on me to come up with this answer. Finally, a colleague of mine that wasn’t on the deployment team per se, but was a musketeer said, “have you considered a V beam?”

So, I do a little research and team up with him and we get two commercial yacht radars, put them back to back, tilt them at 37 degrees and spin them on top of a little container that I put in this gun emplacement to get azimuth bearing and altitude. And that all comes in digitally and then you write code to correlate to what the other system is collecting. It went from I’m an epic failure because I was trying to do it by myself to be the hero to there’s actually somebody over on my team and if only I would have engaged them earlier.

Every failure I’ve had in my career is where I try to solve a problem alone and sort of suffer in silence and then realize in hindsight there’s actually somebody right here that can help me. Whether it’s personal life problems or work projects I’m not able to get a breakthrough on, it’s always I’m trying to do it by myself and I’m not leveraging those other great Airmen that are around me that have different viewpoints and different backgrounds. That diversity of thought can help you solve a problem.



Airman magazine: When you put on those stars, is this something that is now a lesson learned that you’re feeding down the chain?


Maj. Gen. Higby: I talk a lot about diversity and making sure you have a diverse team that comes together. In some cases that diversity can be visually ascertained, like you all look different. In other cases that diversity can be ascertained once you get to know each other and you realize, wow, you really think about this very differently than I do. Instead of being afraid of that, we ought to embrace it, because there could come a time where I’m confronted with a situation that I can’t get around, but you’ll look at it in a different way and throw the solution on the table that helps us get the mission done quickly and again, that’s all part of DevOps.

Back to the original question, what is DevOps? DevOps is that team of diverse individuals that are continuously iterating and continuously improving that capability that you need to get the mission done.




 

 
AIRMAN MAGAZINE