From Building 213 to the Pentagon: John Sherman reflects on his legacy in government
If there was one thing John Sherman wasn’t afraid to do during his time as the Pentagon’s chief information officer, it was advocating for new ideas in a bureaucracy that is infamously resistant to change.
He entered the role in December 2021, a tumultuous era marked by controversy over the Joint Enterprise Defense Infrastructure (JEDI) cloud effort. In the midst of the fallout, Sherman recognized that the department needed to pivot.
“I truly felt we were figuratively fighting and dying on a hill not worth fighting and dying on,” Sherman told DefenseScoop. “All this litigation that we were stuck in and back-and-forth between the several cloud service providers, I felt we were all expending energy against the wrong goals.”
Six months into his tenure as DOD CIO, he made the recommendation to cancel JEDI — a program that sought a single vendor for the Pentagon’s first enterprise cloud capability — and pivot to a multi-vendor acquisition process under what is now known as the Joint Warfighting Cloud Capability (JWCC).
“That, to me, has been the flagship or one of the top achievements I’ve had as CIO,” Sherman said.
Sherman announced June 6 that he would be departing as Pentagon CIO by the end of the month, moving into a new role at Texas A&M University, his alma mater, as the Dean of the Bush School of Government and Public Service.
During an exit interview with DefenseScoop on Monday, Sherman reflected on his nearly three-decade career in government where he often campaigned for novel approaches and technologies to accomplish missions.
“Anytime you’re doing something new, you’re gonna break some glass doing it,” he said.
A ‘digitally focused’ IC
After serving in the Army as an air defense officer in the 24th Infantry Division, Sherman said he was interested in working in the intelligence community and initially applied to be an all-source analyst at the Central Intelligence Agency.
But when he received his interview package, he was sent to Building 213 in Washington, D.C.’s Navy Yard where the DOD was standing up the new National Imagery and Mapping Agency — now known as the National Geospatial-Intelligence Agency (NGA). Sherman was hired as an imagery analyst in 1997, investigating and distributing geospatial intelligence on the Iraqi Republican Guard.
“Working that Republican Guard account for several years will, and continues to be, one of my fondest memories in the IC — working with some amazing teammates in Building 213 supporting U.S. Central Command and other entities with what I thought was insightful analysis during the no-fly-zone days, and then moving to the start of Operation Iraqi Freedom and onward,” Sherman said.
He would spend the next 23 years in the intelligence community, including as the CIA duty officer in the White House Situation Room, an all-source analyst on the National Intelligence Council and a role at the NGA Office of the Americas.
Notably, Sherman was part of the small team that was present in the White House Situation Room on the morning of the September 11 attacks on the World Trade Center.
“It was a sobering experience, but also we were honored to be there to support crisis operations on that day,” he said.
In 2014, the CIA was looking to become more “digitally focused,” and Sherman became one of two deputy directors of the CIA’s Open Source Enterprise (OSE) managing the tradecraft of open source intelligence. He led the Middle East and Asia portfolios, as well as the portfolio for emerging technologies where he first began experimenting with commercial cloud capabilities, he noted.
While at OSE, Sherman helped stand up a low-side cloud capability called the Open Source Data Layer and Services (OSPLS). The effort leveraged Amazon Web Services and other capabilities provided by the IC’s Commercial Cloud Services (C2S) program to provide a cloud-based environment for less sensitive and non-critical information.
He detailed how he also took part in the Eyesight Mission Users Group. Although the group’s focus is classified, Sherman said the experience taught him critical lessons on data standards and exactly how cloud technology works.
“What I was able to do was, as one of the initiative leaders, use open-source gathered information to feed into NSA’s gov cloud — which was their part of the classified capability — to then run the compute against this open-source information and find new things that we would not have been able to discover otherwise,” he said.
Sherman was later tapped to serve as the intelligence community’s CIO in 2017, and during his time he initiated several innovative changes that allowed the IC’s IT enterprise to evolve.
One of those was shifting focus on a program known as the Common IC Desktop Enterprise, which initially looked to create a unified architecture that would allow analysts and officers to move between agencies without the hassle of transferring their data. Despite all of the money and time the IC had already invested into the effort, Sherman said he recognized it wasn’t working.
“It was never going to scale out to being this IC-level capability that it was envisioned to be, and so we pivoted to a federated architecture where we would have standards and then be able to accomplish some of the same interfaces — but not with this unified overall architecture that we were first going along,” he said.
Another accomplishment as IC CIO was the creation of the Commercial Cloud Enterprise (C2E) program. The intelligence community had been using a single-vendor approach under C2S since 2014, and Sherman initiated the follow-on C2E effort to bring a multi-vendor, multi-cloud capability to the IC in 2020, with Amazon Web Services, Microsoft, Google, Oracle and IBM serving as vendors.
“I’ll also admit this freely — C2E was the model for what became JWCC at DOD,” he said.
Leaning into hard decisions
Sherman was brought into the Defense Department as the principal deputy CIO in 2020, later replacing then-CIO Dana Deasy when he left his position in 2021. Although the department was grappling with many problems with its IT enterprise then, there are still a number of other issues the new CIO who replaces him will face in the future, he said.
“I don’t know what the next hard decision is going to be, but be ready to lean into that,” he said.
Still, Sherman touted the accomplishments he made during his time at the Pentagon, especially related to the department’s pivot to JWCC and the awards made to Google, Oracle, Amazon Web Services and Microsoft for the program at the end of 2022.
He noted that over $700 million worth of task orders across all three security classifications have been awarded through JWCC to date, with organizations like the F-35 Joint Program Office, defense agencies and combatant commands all on board with the program.
JWCC’s growth has also initiated the Pentagon’s new Joint Operational Edge (JOE) initiative to provide cloud capabilities at the tactical edge — a concept he calls the “lily pad.” One JOE cloud has already been installed at Joint Base Pearl Harbor-Hickam in Hawaii, another is coming online next in Japan, and the Pentagon is currently looking at sites for a third one in Europe, he said.
“One of the big things that we talk about a lot with cloud tradecraft is procuring cloud is not the end of the story. You have to learn how to use it, you have to learn how to apply it to your mission,” Sherman noted.
As it prepares for the next phase of the program, dubbed JWCC 2.0, Sherman has directed the CIO’s team to conduct an after-action review of the entire effort.
“While I’m a huge fan of it, I know it’s not perfect. Because like with C2E, we’re kind of figuring out how to walk and chew gum in a multi-vendor environment,” he said. “What can we do better for JWCC 2.0? Are there things we can put into place to make [software-as-a-service] offerings easier to manage?”
Along with cloud modernization, Sherman has led efforts to improve user experience at the department by creating a UX portfolio management office at the CIO, fix the lengthy authority to operate (ATO) process in response to complaints from industry, and move the Pentagon into adopting a zero-trust cybersecurity framework by 2027.
In a statement to DefenseScoop, Deputy Secretary of Defense Kathleen Hicks praised Sherman for positioning the department for success while he served as CIO.
“John tackled some of the most complex challenges in the Department during his tenure, advancing the Department’s information advantage and improving our decision superiority, from the combatant commander down to the platoon leader,” Hicks said. “His leadership on ground-breaking initiatives such as the Joint Warfighting Cloud Capability, Zero Trust Architecture, and the Emerging Mid-Band Spectrum Sharing assessment materially strengthened US national security.”
A key challenge for the department moving forward will be to ensure it is modernizing at the pace it needs to, all while leveraging industry capabilities when it can, he said.
“As we talk big thoughts about edge cloud and transport and zero trust, never forget that it comes down to a service member’s ability or civilian’s ability to do their job — not only at the Pentagon, but out at Osan Air Base in Korea, or onboard a ship in the Red Sea, or at a special forces detachment in Africa,” Sherman emphasized.
Another will be tackling the Pentagon’s growing tech debt, he added. Warfighters are still using a lot of outdated technology from previous conflicts in the Middle East, and Sherman noted that understanding that priority and leveraging the entire enterprise to address it quickly is crucial for the department.
“We’ve got to pay the piper on this because in the digital battlefield that we’ve seen in places like Ukraine and what we could have to face in the western Pacific, these digital IT capabilities are war-winning technologies,” Sherman said. “It’s not just blinky lights and data centers, this is the difference for decision capability for our commanders.”
When asked what advice he would give to the next DOD CIO, Sherman emphasized the importance of working as a team with all of the departments and components at the Pentagon, as well as collaborating with industry as much as possible.
Leslie Beavers, DOD’s principal deputy CIO, will serve as acting CIO as Sherman departs until the department makes a decision on a full-time replacement.
He also pointed to the importance of strong leadership when making hard decisions and setting a clear north star for some of the departments where change might be a heavy lift.
“This has been the greatest opportunity I’ve had professionally, but also I’d be lying if I didn’t say it’s the most challenging,” Sherman said. “So that would be my advice to the next CIO: Buckle your chin strap and get ready, because this is going to be a heck of a ride.”