A conversation with Jerry Davis, the Chief Information Officer at NASA’s Ames Research Center in Silicon Valley.
Transcript
Host (Matthew Buffington): Welcome to the NASA in Silicon Valley podcast, episode 56. This week we dive into the information technology sector of NASA Ames as we talk to Jerry Davis, our Chief Information Officer. Jerry leads the large group that manages the IT systems throughout the center. We talk about his path through the Marine Corps and how that led him into NASA through interesting twists and turns. We also go into how IT support is crucial to NASA’s mission, both in sharing information with the scientific community, but also on the cybersecurity side to protect our data and systems. We go a little bit into the weeds about the proposal process, and some ideas that Jerry is working on, and how it can refine nuggets of an idea into workable solutions. So, here is Jerry Davis.
[Music]
Host: We always like to start it out with getting to know people. Tell us a little bit about yourself, Jerry. How did you join NASA? How did you end up in Silicon Valley?
Jerry Davis:I started at NASA. I tell folks this is my second trip through NASA. I’ve got about seven years altogether. I was the agency chief information security officer from 2007 to 2010 at headquarters and left. I went into another agency. I got a call in 2012 and asked me if I was interested in coming back.
Host: You tried to leave, but they keep pulling you right back.
Jerry Davis:Yeah, yeah, yeah. NASA is like that. I think it does kind of have that family mentality. So I think when they’ve had people that — I guess I want to pat myself on the back and say, “The people who were good.”
Host: No, that’s a fair point.
Jerry Davis: Part of the family.
Host: You want to keep them.
Jerry Davis:Yeah. They asked if I was interested in coming back, coming out to Ames. I had been out here quite a bit. I actually grew up in Southern Cal, so I had been out here quite a bit when I was the agency CISO. I came back in 2013, been here a little bit over four years up here.
Host: You said CISO.
Jerry Davis:That’s the chief information security officer, yep.
Host: Yeah, because people listening are like, “What’s a CISO?”
Jerry Davis:Yeah.
Host: Really, they just had reached out to you like, “Hey, come on out to the Bay Area. Come to Ames”?
Jerry Davis:Yeah, they said, “Hey, what are you doing? Do you want to come out?” It was funny. Actually, I had two opportunities. The first time they asked me, I just wasn’t ready. I was in DC, I had a lot going on and I turned it down. Regrettably turned it down, but I just wasn’t ready. I think they tried to fill the position, had some difficulties, and came back maybe four or five months later and said, “Are things better for you now?” which they were. I said, “Yeah, absolutely.” They said, “How about now?” I said, “I’m there.”
Host: That’s awesome.
Jerry Davis:Yeah.
Host: Yeah. You did the DC to the Bay Area. I say this in almost every podcast, but it’s the weather.
Jerry Davis:Yeah.
Host: There’s no humidity and it’s 70 degrees all the time.
Jerry Davis:Absolutely.
Host: You just can’t get over it, especially when you see on the news that there’s a Snowzilla or Snowpacalypse, and I’m like, “I’m drinking coffee on my patio. I’m good.”
Jerry Davis:Yeah.
Host: Coming over, was it to land in your current job being in charge of IT systems at Ames?
Jerry Davis:Right. So it was a departure for me. I had grown up, as I like to say, primarily in cybersecurity. That was my background. That was probably my strong suit as it related to IT. And so moving over to pure IT and running an IT organization was what I came for. For me, it was an opportunity to stretch yourself a little bit more, grow a little bit more even though I love security; I tend to gravitate all the time towards that area.
Host: Yeah.
Jerry Davis:But yeah, it was just a slight departure. IT is IT, but now I’m involved in more nuances beyond just security.
Host: Okay.
Jerry Davis:It’s the day-to-day service delivery and different types of issues that come up on you just in IT in general versus just straight security.
Host: It’s kind of the nature of the job. Whenever you’re good at building your widget, you’re good at doing your thing, eventually they put you in charge of the people making it. Then eventually you’re over that entire branch, and so you have to figure it out.
Jerry Davis:Yeah, and that’s something I would get all the time. I have this philosophy about leadership. When I had left NASA the first time and moved on, I went to Veterans Affairs [which] was a huge agency.
Host: Completely different.
Jerry Davis:Huge agency, completely different. One of the questions I got from one reporter was, “You’re leaving NASA, which is a certain size, and now you’re going to one of the largest agencies in the federal government outside of DOD.” And he said, “How is that going to work? How do you expect to deal with that?” I pat myself on the back. I thought I came up with this great quote. I said, “Leadership is scalable to any size.”
Host: Yeah, nice.
Jerry Davis:I said, “It doesn’t matter whether it’s a 5,000-employee agency or 400,000.” I said, “If you’ve got, I think, decent leadership skills and management skills, you can scale up and down.” Switching over to just a pure CIO role, it wasn’t a big change because the principles around leadership and management were all the same to me.
Host: And so in going back to when you first joined at headquarters that first time around, how did you end up landing at NASA, of all places? I’m guessing you were always interested in IT. You’re always probably tinkering, playing around with the computer, doing stuff. But then you ended up leveraging that to doing that for NASA. Did you always want to work for NASA or how did that work out?
Jerry Davis:Absolutely. I’m probably like 99.99 percent of people at NASA who always wanted to work at NASA and always wanted to be an astronaut or something like that. Now I have an interesting story. I was always, as a kid, interested in just technology. I was the that took stuff apart, couldn’t put it back together, was always interested in how things ran and curious.
At one point, I was in the Marine Corps in the Reserves, and I was interested in electro-optical work, so lasers and things like that. I bought books. If I didn’t know something, I’d go buy a book in a minute, and then I would read books on that. That was obviously before the Internet. Right?
Host: Yeah.
Jerry Davis:So go to the library, go to bookstores. I started working with the Federal Laboratory Consortiums, DOD, and the old Strategic Defense Initiative organizational stuff. I got connected to some databases and online forums that connected me to JPL and people who were working electro-optical and that sort of thing.
Fast forward. I always wanted to work for NASA. I was a big fan of spaceflight and the shuttle and that sort of thing. I wanted to be an astronaut. In 2003, I actually applied to the astronaut corps.
Host: It’s kind of a rite of passage around here. You talk to a lot of researchers and people who, at some point in time, figured, “Why not?”
Jerry Davis:Yeah. Through the Marine Corps, through jobs I had. My first federal job was as Central Intelligence Agency, working there in technology and other areas, and kind of being self-taught initially around computer systems and that sort of thing.
I applied for the astronaut job. It didn’t happen, obviously. But what I tell people is that was 2003, and I say, “The consultation prize was four years later, they let me be the agency chief information security officer.” I had been working in consulting and security. It’s funny. When I go and I talk to a lot of kids and that sort of thing. Then they say, “How’d you work at NASA? How’d you get there?” I said, “Simple, I applied.”
Host: Exactly.
Jerry Davis: The positioned opened and I threw my name out there.
Host: The USAJobs.
Jerry Davis:They called me up and said, “We’d like to interview you.” I was pretty confident in my skillset that I had, I felt that I was fairly competitive, and it worked out. It worked out, they hired me, and here I am today.
Host: It’s like you hear all these different stories. There’s some people who start off as an intern, they move in as a contractor, or maybe some weird PhD system where they could come in and they’re paid by the school but they work here. But also, it’s a matter of USAJobs is a website. You go there, you do a keyboard search for NASA, and then you just apply.
Jerry Davis:Right. It’s really not much different even applying for the astronaut program. Right?
Host: That’s very true. It’s the same website.
Jerry Davis:They put out an open call and they’re like, “Do you want to be an astronaut?” “Yes.”
Host: You’re like, “Please attach your resume.”
Jerry Davis:Exactly.
Host: “Or fill out the online resume, and then there you go.”
Jerry Davis:Exactly. I got my little card in the mail that said, “We got your resume and we’ll follow up with you.” Then you get your what I call my rejection card, which I still have, I kept, that says, “Sorry, you didn’t have certain qualifications we wanted.”
Host: See, now it’s so impersonal. It’s a rejection email. You can’t put that on a fridge [and] keep that.
Jerry Davis:Exactly. But yeah, it was just typical, simple steps of applying for a job. I think I had done all the right things in my career at that point to make myself available for those opportunities when they came up. Of course when NASA came up, I was like, “Absolutely I’m applying for that job.”
Host: Looking at your job right now and thinking of IT, but also thinking of cybersecurity, so much of NASA is really sharing research. It’s we’re going, finding this cool stuff, whether it’s like information from a telescope, and then sharing it with the broader research community. I’m sure 9 times out of 10 that sharing it is through the Internet, is through systems. It’s either putting information, making it available, or even just communicating back and forth.
When you’re trying to be open, there’s certain vulnerabilities and there’s some other things that work into that. How does that play into your job of wanting to keep the agency of the scientific community to share info, but also being smart about it?
Jerry Davis:It’s extremely difficult. Like agencies such as Department of Energy with a lot of researchers, scientists and that sort of thing.
Host: The federal government in general.
Jerry Davis:Yeah, the federal government in general. Trying to share information across the general public and maybe other colleagues and communities of interest, while at the same time trying to make sure that you limit access to sensitive information.
Host: Yeah.
Jerry Davis:Security can very easily become a roadblock. It can become a roadblock. I think one of the nice things about the career that I’ve had in security, and just in IT in general but particularly in security, is I have a different viewpoint. I can look at access and the security controls around that and make a quick determination on how we can get people access. Right? Security generally always.
Host: Yeah.
Jerry Davis:It’s true. The first thing in security, the first word is always “no.” Right?
Host: The default.
Jerry Davis:No. But having worked in it so long and then being in the CIO role is I know that there are solutions. I understand that there are solutions. And I understand, I think, pretty good about risk.
Host: Yes.
Jerry Davis:In security, we’re very averse to risk. And so no is, a lot of times, the first thing that will come out of people’s mouths is because we’re just so risk averse and we just don’t trust the humans on the other side.
Host: As you said, there’s one thing to be the problem identifier. It’s a completely different thing to be the problem solver where you figure out, “All right, where is there mutually beneficial situations? How can we get to yes while still mitigating the risk?”
Jerry Davis:Absolutely, and that’s, more or less, kind of a tenet I try to flow through my organization, particularly on the security side, but any side. We’re solutions providers.
Host: Totally.
Jerry Davis:We are support. We are solutions providers. So if we’ve got to figure out a way to make collaboration easier, that’s our job, so we should be working towards that all the time. That’s one of the things I like about the job, the really good things, is being a solution provider. You get to look at a lot of different technologies. Sometimes it’s not technology. Sometimes it’s just a matter of policy.
Host: Yeah.
Jerry Davis:Sometimes you’re looking at policy that was written 10 years ago and it’s outlived its usefulness. So you have to go back and revise policy and that sort of thing and make some determinations. But I like being in the seat to be able to do that, to get people to the data and access that they need to further the mission along. Yeah.
Host: Yeah, and it’s an interesting thing. Because obviously, we like to talk about sharing the information with the scientific community, but there’s also a certain amount where there’s stuff that you can’t share. Because it’s either there’s some proprietary or there’s just some reason that it’s not ready yet. And so you need to be able to protect that information that’s not ready to be shared with people.
Jerry Davis:Right.
Host: But then also looking at your job of where you’re going for customer service. You’re also trying to protect the cybersecurity part. Are you able to dabble in some research and forward thinking, thinking ahead instead of just necessarily maintaining the now?
Jerry Davis:Yeah, absolutely. That’s one of the really big things that I like about, let’s say, not just NASA in general, but being at Ames, because Ames is a research center.
Host: Very much.
Jerry Davis:And Ames has grown up and been a significant contributor to information technology to the world. Some people don’t know is our roots here at Ames is rooted in [it].
Host: It’s a NASA center in the middle of Silicon Valley.
Jerry Davis:Right. That is significant. We were significant in the advent of the Internet before it was the Internet.
Host: Yeah, yeah, yeah.
Jerry Davis:You go to Washington DC, to the museum, and you see the section of the museum where they have conversations and displays about the Internet, and you see Ames Research Center up there very early on with the Internet. So being here at this research center, it affords me the opportunity. It’s acceptable to start thinking about research and development.
Host: Yeah, yeah.
Jerry Davis:Doesn’t matter whether I’m in aeronautics or IT, it’s very acceptable, and in fact, it is encouraged to think about those things.
So we have a number of initiatives that we’re running here out of the center and working with the other codes here, the other directorates, in information technology to look at things, particularly in a security realm, areas around big data analysis, using supercomputers to do things like that that we have here at Ames and do some more R&D for things for not just NASA — it’s important — but also to push those things out where we feel that they are applicable across the nation and even internationally.
So that’s one thing I love about being at Ames, particularly at a research center, is that I can do R&D on my time, on the agency’s time as is allowed, to really look at some complex problems and start working through those. I love it. You really can’t do that anywhere else. It’s really hard to do at any other agency. Right?
Host: Yeah.
Jerry Davis:It’s not your job to really do R&D unless you’re at an agency that does R&D like a National Science Foundation or DARPA or something like that. But you couldn’t do that at another agency. I’m a thinker, I like to be innovative, so I love it. I love that aspect of my job.
Host: I’m sure there’s a certain part where you’re taking the research and the development and then trying to turn that into an actual project, policy, a thing that actually gets funded. And then there’s a lot of back and forth where it’s like, “Here’s a proposal,” you write it, you put it out. Then you send it either to headquarters or try to throw it out there. Sometimes the answer is yes, sometimes the answer is no, sometimes it’s not yet.
Jerry Davis:Exactly.
Host: You get, “You’re onto a good thread here, but why don’t you perfect that?” That’s kind of the same path for how Kepler, a space telescope, was put — Almost all big NASA missions went through this research and development thing until eventually it starts getting pitched and then it’s rejected, then it’s pitched again and rejected again. Are you involved in some of that stuff on the IT side of like where you’re trying to throw some ideas out there?
Jerry Davis:Yeah, yeah. Yeah. Again, as I said, my forte has always been cybersecurity. There’s a lot of, today, nationally or internationally, problems that are maybe considered intractable problems in security, like really hard to solve security problems.
Host: Yeah.
Jerry Davis:And so there’s a number of areas that I’m looking at in cybersecurity and some programs that I’ve pitched internal to the agency, and it works exactly like you said. I always tell people. I said, “About every three years, the good idea fairy comes to me.”
Host: Nice.
Jerry Davis:I have this idea and I go, “I have this idea. I have this idea.” I laid it out here. The one I’m working now, I call it Griffin X.
Host: Okay.
Jerry Davis:It’s around R&D and test and evaluation around cybersecurity for NASA and beyond. When I pitched the idea internally, it was exactly as you described it. I look at it initially as like pushing a wet noodle uphill.
Host: Yeah.
Jerry Davis:One thing that you have to remember when you’re doing these things that I learned very quickly is our audience. Our audience, primarily scientists, researchers, engineers, and I’m talking about cybersecurity. So it’s not what we do as a core. Right?
Host: Yeah, it’s a little different.
Jerry Davis:But we have capabilities here at Ames that I looked at and I said, “I can take those capabilities, package them up, and turn them into a service, and a larger capability for the agency.” So I went and I pitched it around, a little bit external to NASA as well. It got a lot of coverage and interest. Internally, it was really slow going, again, because it’s not core to what we do, and I think folks are like, “Why would we do that?”
Host: A little outside the box. Yeah.
Jerry Davis:So you had to build a business case around it. When it got to headquarters and I started pitching it at the leadership at headquarters, people started to kind of catch on to it. But they said, “Okay, it sounds good. Why don’t we do this? Pressure test it some more internally. Kind of refine it some more.” I tell you, one of the great quotes that I got or guidance that I got was from Alvin Drew, former astronaut. He’s with OIIR at headquarters.
Host: That’s the Office of International Relations.
Jerry Davis:Interagency Relationships.
Host: Okay, cool.
Jerry Davis:Yeah. So had a conversation with him about this. I said, “It’s been really difficult the last couple years, Alvin, trying to push this thing uphill.” And he said, “Well,” he says, “let me explain this way to you, Jerry.” He goes, “Everybody’s baby is ugly initially.” He goes, “But eventually a baby turns into a handsome adult or young adult.” He says, “So just keep refining it and pressure testing,” and that’s what we’ve been doing. And now what we’re starting to see is that a lot of seeds that I planted the past two and a half years are so, they’re starting to sprout.
Host: Nice.
Jerry Davis:As we refined the messaging, started refining the business case, and start making it applicable to folks from a NASA perspective, the interest is growing internally and we’re starting to do more [piling], again, around areas in cybersecurity, around R&D, and how we focus those on mission assurance.
How these activities that we’re doing are very applicable to what we do whether, it’s human space flight or non-human space flight, and how cybersecurity can impact the mission. Here are some things that we can do to reduce the risk to mission from a cyber perspective. So it’s starting to grow legs a little bit and really starting to move, and so we’re excited about that.
Host: That’s cool.
Jerry Davis:But you’re absolutely right. There’s a process that you must go through, and initially your feelings get hurt.
Host: It’s like, “That’s not a bug; it’s a feature.” Because it’s like by going through this process, going with the baby analogy, it’s like everybody’s ugly baby is very precious to them.
Jerry Davis:Yeah, exactly.
Host: But it’s like that is why the process exists. We did a podcast episode earlier in the year with Kimberly Ennico of SOFIA, and she had also worked on New Horizons, and had worked on some projects looking at infrared astronomy. But then that whole thing didn’t even become a thing, but eventually it morphed into a different project.
Sometimes even the research, the thing you’re working on, yeah, maybe it eventually gets approved and goes forward, but maybe it morphs and takes a different [analysis]. But it’s like this is all a part of the journey, all a part of the process.
Jerry Davis:Yeah. Like I said, I look back two and a half years later and I understand it. I understand it more. The first year, I did not understand it.
Host: You were new to it, too.
Jerry Davis:I didn’t understand like, “Why is everybody not just jumping on board with this?”
Host: But it’s like there’s a process of just figuring it out, and it actually works. I’m sure that it refines everything to make them better and more polished. But talking specifically about Griffin X, what is the elevator pitch on that? What is the laymen’s version of what does that do that’s different?
Jerry Davis:Yeah. So it’s about systems security engineering into mission programs and projects at the conceptual and the planning phases. So it’s about planning for security into missions, and then having a capability to test those security controls and those sort of elements after the technology has filled it. And having ability to do risk management and look at new technologies, whether they’re security technologies or embedded systems, things like that.
So being able to test those in an environment for vulnerabilities and have an environment to be able to mitigate those vulnerabilities, communicate it out to the engineering world. Say, “Hey, this technology has this specific type of cyber vulnerability that we’ve identified. Here’s how you mitigate it,” and then train people on that, and again, communicate it out. That’s kind of an element of my elevator pitch. I’ve got a more refined one. I actually haven’t said it in a while.
Host: It’s more than just technology. It’s almost like a process of how humans should act. It’s policy mixed with technology.
Jerry Davis:Yeah, there’s technology. There’s process. There’s actually physical environments, lab environments, where we bring in technology, and you look at it from a cyber perspective to see where that technology has potential vulnerabilities or vulnerabilities in it before we put it on a spacecraft and put it up in space, and have the ability to mitigate it.
Or if there’s already technology that’s already on orbit, have the ability to look at the technology that’s on there and then be able to simulate it in a simulated environment, part of this lab environment, and identify vulnerabilities and then you’re able to make decisions.
Do you want to try to patch it? Can you patch it? At least you’re aware that you have a vulnerable system that’s up there and you’ll be able to monitor it. But being able to do that on the ground without actually having to — A little bit of risk management in there as well. And that was some of the conversation I had with the leadership when I did the presentations last year.
Host: Cool. I would be remiss if I didn’t put you on the spot to brag about yourself for a little bit. Talking about a recent award, I saw you on a fancy website for CIOs. Talk a little bit about that.
Jerry Davis:Yeah. So there’s a consortium group out here, I guess, in Silicon Valley area. They had identified the top 50 CIOs, chief information officers, for Silicon Valley. I don’t know. I was made one of the top 50.
Host: Nice.
Jerry Davis:It was kind of cool. I think when I looked though, I think I’m the only federal government entity in there. You had the likes of the giants in there, the CIOs for Yahoo!, Kaiser Permanente, Mattel, all across the board.
Host: That’s cool. That’s awesome.
Jerry Davis:Yeah, I was happy with that. I wasn’t expecting it. I’ve gotten awards in the past and that sort of thing, but this one really kind of shocked me because of where we are and the company that we’re in. It was just a whole different pedigree of people in the Silicon Valley environment and me just being kind of a regular guy, I look at myself [as] kind of a regular person, to be considered in the same pedigree of people that are on this list was pretty exciting.
Host: Yeah, it’s a cool boon not only for NASA but also for Ames as being in the middle of this technology-filled area of the Bay Area.
Jerry Davis:Yeah.
Host: That’s pretty sweet.
Jerry Davis:Yeah, it’s kind of cool. Some of the people on the list I’m colleagues with and I talk to about just different issues and things like that. But I think the body of work that I’ve done, whether it’s Griffin X and in my career, I think it’s come to light different parts of the nation. But it’s really nice to come to light in Silicon Valley area. It is really nice.
Host: Cool. For anybody who has any questions for Jerry, we are on Twitter @NASAAmes. We’re using the hashtag #NASASiliconValley. So anybody who’s got questions for you, anything about the wonderful world of NASA and being in IT, we can loop everybody on back to you and get some responses.
Jerry Davis:That’d be awesome.
Host: Thanks for coming on over, man.
Jerry Davis:Yeah, absolutely. Anytime.
[End]