Charles Lyons-Burt
Ventech Solutions CEO Tonia Bleecher is a government contracting veteran with a passion for working to improve the nation’s health care ecosystem. In 2018, Bleecher joined Ventech, a trusted partner to the public sector leading critical technology transformations that empower government agencies to meet their missions. She started as a senior vice president and swiftly ascended the ranks to chief growth officer and chief operating officer, finally taking the role of CEO in January 2022. Prior to her time at Ventech, she led Truven Health Analytics’ federal unit and stood up IBM Watson Health’s federal practice after Truven was acquired by IBM. She also spent nearly 15 years at Booz Allen Hamilton sharpening her arsenal of public policy, technology and business skills as account lead for the Centers for Medicare & Medicaid Services.
Bleecher sat down with ExecutiveBiz this month to talk about effective, incremental strategies for cloud migration, cybersecurity and the importance of promoting a culture of enjoyment in a corporate setting.
What is the top challenge you’re seeing as federal agencies migrate to the cloud? What solution would you propose to this problem?
I’m going to take the point of view of the client. In terms of getting out of an on-premises data center, it’s not just a matter of ‘lift and shift’—that’s just the beginning of the journey. There are a host of things that an organization needs to consider as it is looking to move to the cloud. One can look at it as three main pillars: people, technology and process. First, you want to look at your workforce and make sure you have the right skill sets for the transition. The skills needed to run a data center versus the cloud are not one-to-one, so there is a definite need for access to cloud specialists. You can’t turn your on-prem data center managers and engineers into cloud experts overnight. But you can offer opportunities and growth within your workforce as you make the move and beyond.
As far as the technology, you need to determine compatibility between the on-prem data center and the cloud solution. Some of the applications that you’re currently hosting might not be compatible with the cloud. You’ll want to ensure that your applications are going to operate and work well in the cloud environment and that, once migrated, application development methodologies and governance are modernized to take full advantage of the flexibility and agile cloud capabilities.
Looking at processes, one of the most critical things for success is adopting a cloud-first policy as early as possible. This prevents wasted effort and rework. It expedites the migration by ensuring a maximum number of applications are cloud-ready and able to take full advantage of the flexibility and cost savings of the cloud out of the gate. A simple ‘lift-and-shift’ gets you out of the data center business, but it only helps capture a small fraction of cloud benefits.
You’ll want to take a hard look at your information technology governance, policies, practices and even your organizational structure. Migrating to the cloud can greatly simplify operations, reduce touchpoints and dramatically improve velocity only if these areas also align with the cloud transition. Buy-in from IT management and technical support teams for these changes is critical. Continuing to use your old waterfall methodologies to manage an agile cloud infrastructure is not only sub-optimal and expensive, but it can also be incredibly frustrating for everyone involved.
Governance around cloud is very different from what it is for on-prem data center. You have the ability to move so much faster in the cloud, but you have to implement guardrails so something doesn’t go awry. Adopting DevSecOps best practices as part of the new governance model, ideally with automated security and code quality tests throughout the development pipeline, can greatly reduce cost, schedule and security risks. In our experience, it also enhances code quality over time as developers receive rapid feedback and learn more quickly from their mistakes. It also helps minimize the propagation of bad code.
I will echo a comment that our Chief Technology Officer Stephen Veneruso often makes: “Measure three times, cut once. Otherwise, you’re going to have a disaster.” Guardrails and IT governance are critical in that regard.
What is the project Ventech Solutions is involved in that you’re most proud of?
We’re very proud of the cloud work we did in partnership with the Centers for Medicare & Medicaid Services Center for Clinical Standards and Quality Information Support Group. Ventech Solutions runs a very large piece of their infrastructure, and we helped shepherd their incredibly critical health care quality systems and vast volumes of data from on-premises to the cloud. We worked closely with both government and application development thought leaders to develop a new governance model, processes and support model to minimize red tape, meetings and touchpoints while establishing appropriate guardrails.
First, we wanted our client to rethink how they were running their business. We brought on seasoned cloud experts and rebuilt it all from the ground up. And with all of those things that I talked about—people, process and technology—we tackled each of those areas to lead to success. We made sure the right skill sets were there, the proper governance was in place and their policy and their mindset became cloud-first. We also championed self-service capabilities, which empowered the developers to increase their velocity securely and dramatically.
You might think that would have been really expensive—but, on the contrary, we saved the division $85 million. The transition to the cloud accelerated development and helped them move faster in meeting their mission. A big piece that drives CCSQ’s mission are the goals outlined in the CMS National Quality Strategy. To meet their mandate, they’ve got to be operating at full speed and able to work and move rapidly. The cloud environment that we partnered with CCSQ to build does just that. Recently, I’ve seen a lot of agencies tout that their move to the cloud is going to be the first time it is being done in the federal space. Clearly, Ventech Solutions and CCSQ’s ISG need to continue getting the message out that we’ve already done it, and very successfully. This was a very, very big deal and we’re really proud of it.
What is the biggest threat facing U.S. cyber systems today, and what is being done to protect against that threat?
As I see it, there are two main components to cyber threats today. There is the aspect of what can happen internally when things go awry—that’s a security problem. The other threat is the nefarious actors that are always attacking systems. Protecting against the bad guys is a full-time profession now. My comments are solely on the internal activities that need security attention. To get the best results, your internal security approach should enable your business, not be an obstacle to it.
Business technology evolves very rapidly, and new codes and new players are coming into the infrastructure. How do you manage risk without slowing things down? You could just lock everything down but, if you do that, then nobody can get in and work can’t get done. Similar to what the cloud can bring, we think that you’ve got to combat these security problems by having an agile security function that integrates with the entire business. Like I said, you can’t shut things down. Things have to keep moving. It’s not security as a layer on top. It is part of the enterprise operations and how you’re doing business day to day. Our security function is embedded with the developers. That is a key component of truly adopting the DevSecOps model, which allows the security team to support the developers while dealing with the potential security issues early in the life cycle, before they hit production—where all sorts of travails could occur and where remediating the problem will cost a lot more.
In our processes, we embed the ability to manage the chaos that could occur internally. Granted, I could go on and on about the things we do to protect against the bad actors, but I wanted to focus on the proactive security—DevSecOps—that we put in place and how we make sure that we don’t slow down the business.
Tell me about your company’s culture. What aspects of the company do you think are contributing most to its success while helping to attract and retain top-level talent?
We follow a servant leadership model. We serve our customers, we serve each other, we serve our communities—it’s a culture that’s embedded in our daily interactions and how we go about our business. The way I see servant leadership is that we are all solutions-oriented and everyone in the organization is empowered, regardless of title, to influence decisions, achieve results and get things done.
The servant leadership model requires that you build consensus, bring people to the table, educate, motivate and inspire people to collaborate and arrive at a solution. We always ignore the noise to get to a resolution. By treating each other well, holding each other accountable and empowering people to get things done, we operate effectively and healthily.
I think it’s been a key element to our success and key to how we keep people engaged in the post-pandemic world. As many of us are working remotely, how do you keep engaged? How do you keep people wanting to remain a part of the mission? It’s by encouraging the attitudes and executing in the servant leader framework.
Technically, our corporate headquarters is in Columbus, Ohio, but the biggest areas of our operations take place in Baltimore, Maryland, and Des Moines, Iowa. We are in the process, as the office building contracts expire, of letting go of the brick-and-mortar spaces. So, ultimately, we’ll have one brick-and-mortar office, barring a future opportunity that requires us to have some kind of physical facility. We’ve moved to the coworking office subscription model where everybody has access to an office space when needed and wherever there’s a coworking office—and there are many of them in the world. This offers a flexible means for employees to connect face-to-face when keeping people engaged is key.
What are your company’s core values? How do you think these values translate into continued success and growth in the GovCon market?
Some of the underlying values that we apply each day under our servant leadership model include client-first, integrity and accountability, respect, innovation, collaboration and a desire to have fun. The having fun part is really important. It elevates engagement and heightens the passion and the excitement of getting up every day and enjoying what you’re doing. Our core values are the fuel that helps us continue delivering the results and impact that we’re known for as we serve our clients’ important missions.
