For defense organizations, enterprise IT modernization is inseparable from mission readiness. As organizations layer new capabilities onto already complex environments, the attack surface expands, cybersecurity teams face mounting strain, and mission outcomes can hinge on whether users can securely access what they need without friction. The modernization challenge spans everything from cybersecurity, to IT service management, application improvement, and, of course, the potential of artificial intelligence (AI).
In this Breaking Defense Q&A with Tim Gilday, vice president, Enterprise Digital Experience, Digital Modernization, and Bethany Leickly King, chief experience officer, Defense Enterprise IT Modernization, with Leidos, we connect modernization to mission and affordability and emphasize that success depends on integrating human-centered design, organizational change management, and user adoption planning from the start, along with cybersecurity. This helps ensure that transitions are smooth, adoption is strong, and capabilities are sustained over time.
Breaking Defense: What are the threat scenarios driving the urgency for enterprise IT modernization?
Gilday: The pace of technology change is accelerating with new innovations arriving at a faster clip. Most of our current customers are receptive to adopting cutting-edge technologies, which presents exciting opportunities for progress. However, we’re already dealing with agencies that have a jungle of tools, some underutilized, others redundant, and some introducing unknown risks from a security standpoint.
When you take these already complex environments and try to inject new technology in a bolt-on fashion, you’re creating new threat vectors and compounding the challenges. This rapid pace of change leaves little room to adequately address security concerns, pushing our cybersecurity teams to the limit as they struggle to keep up with routine vulnerabilities in an increasingly complex and dynamic landscape.
Then you’re adding more blades of grass on top of that. So, we need innovative methods to continue to track and mitigate vulnerabilities effectively as we start to insert new technology.
From the customer experience and organizational change side, what are the friction points when agencies try to modernize in this environment?
King: I agree with Tim that the pace of change is accelerating, which presents a significant challenge from a customer experience perspective – resistance to change.
This resistance, especially in the federal environment, is often due to the belief that there are going to be high costs for change or a potential loss of resources. To help address this resistance, we work with our stakeholders at the beginning of any modernization effort to provide clarity on what they can expect.
Clarity means setting expectations from the beginning of what they’ll gain, what they’ll lose, what’s in it for them, and what their new roles and responsibilities will be after the modernization or transformation occurs so they can plan effectively for resources and budgeting. To do this, we follow a structured organizational change management approach to reduce uncertainty and minimize resistance. We bake this into our projects from the beginning to promote a smooth transition, strong adoption, and lasting sustainment.
Connect modernization to both the mission and especially affordability.
Gilday: While I could answer every question with this, the mission remains paramount. It is essential that we execute effectively to support the mission each agency or program is tasked with achieving, especially in the context of modernization efforts. This means that even in the face of budget cuts, agencies must find innovative ways to deliver on their mandated outcomes.
Sometimes that creates short-term fire drills. You can’t avoid it. Maybe you have to cut licenses, or you have to find new ways to make ends meet. When you’re not caught up in fire drills and have the opportunity to think strategically, I’d like to see a shift towards considering total cost of ownership rather than focusing solely on short-term budgets or the immediate bucket of money available for this quarter or period of time.
It’s the same in publicly traded companies. We have to think quarterly, and there’s that healthy tension between short-term and long-term thinking. If we can encourage the government to plan in a certain way, especially as we integrate transformative technologies like AI and automation, that means we may have to invest upfront in a temporary higher fee that can reduce costs significantly in the long term rather than just taking short-term actions like cutting licenses or removing modules from platforms that we found value in.
Where does human-centered design fit into IT modernization?
Gilday: From a security perspective, human-centered design is crucial. When we design systems with the user’s day-to-day experience in mind, we aim to minimize accidental vulnerabilities that can arise from human interactions with technology.
By addressing these challenges like difficult-to-memorize passwords for each system and replacing them with solutions such as single sign-on, biometrics, or passwordless authentication, it not only simplifies the user experience but also reduces the likelihood of human error, which is a major contributor to cyber threats. That’s why it’s essential that we build systems with security in mind at all times.
As agentic AI and other emerging technologies are rapidly exploding, you can’t just pour some AI on it and hope that it’s going to work. You need to have maximum transparency and observability where those AI agents are interacting, what they’re doing, and have those logs ready so you can analyze the data and react to it quickly.
King: Customers need to have a plan for managing the user adoption process from the beginning to help ensure the most successful outcomes in any transition. To effectively address future challenges, they need to integrate organizational change management and customer experience into the project lifecycle, just like they are doing with security.
I see organizational change management as critical to any implementation or transformation where people are involved. It’s following a structured change management approach to help people adapt to new technologies and processes. We know that change can be hard, but with the right activities, the right resources, and the right techniques, that resistance to change and risk of low user adoption can be minimized.
Are you seeing requirements language catching up to that reality?
King: More so now, I’m seeing the use of specific words related to customer experience, workplace culture, and organizational change management in requirements documents.
We all went through a period of such rapid change during COVID. It transformed the way we work, how we access tools and technologies, and how we connect and collaborate with others. It really heightened the need for organizational change management and the need for experts trained in that discipline to help people through any kind of transition, especially when technology is involved. And we’re still seeing this need evolve today.
Gilday: The last administration and the current administration both put out executive orders around customer experience and user experience. The most recent one, the America By Design executive order, established a national design studio so every branch takes it seriously. It’s just the methodology and the execution. We’re all in a learning phase.
The government has best practices that they would like to convey, but it’s a matter of ensuring they’re ingrained and followed or executed in a similar method across agencies.
Let’s shift to Zero Trust cybersecurity. A lot of people reduce it to a product purchase. How do you define it?
Gilday: Zooming out on Zero Trust, we don’t want to get confused because sometimes a product will advertise itself as a Zero Trust solution. That’s great, but that is only a tiny part of the solution.
You’re hitting on something that is near and dear to both Bethany and I. Zero Trust is people, processes, and technology working in constant synchronization, double checking each other in a system of checks and balances. Helping to culturally understand that and put in place human practices that support the technology is the only way you’re ever going to get to truly successful, comprehensive Zero Trust.
King: When people aren’t committed and don’t change their behaviors to adopt the system or new process, an implementation can fail, even if a solution is effectively designed from a technical or security perspective.
If you’re not focusing on the people, you’re subject to redesign, re-scope, retrain, or even retreat, and those can all be costly.
Tim, you’ve used the phrase ‘delight by design.’ What do you mean by that and why does it matter in government?
Gilday: First, Bethany is preaching to the choir. I could not agree more. Fortunately, Leidos is a large organization with broad capabilities. We are able to see the big picture. We can leverage a diverse pool of experts, strategic partnerships, and proven, repeatable solutions anchored in mission knowledge to effectively address customer pain points. Even though I have an emerging technology background, I understand the human has to remain at the center of everything we do. Until the day that the very last human is replaced by AI, our focus must be on planning, building, and executing government technology solutions with the human at the core. Putting people first is the foundation of meaningful progress.
Our guiding principle is ‘delight by design.’ We believe it’s a right for employees and constituents of the government to have a successful, if not delightful, experience getting the outcomes that they’re trying to achieve.
King: When we design for delight with intent and discipline, we transform customer experience from a differentiator into a valuable component of mission success. By intentionally shaping interactions, we inspire confidence, loyalty, and long-term impact with our government customers.
For more on the topic from Leidos: From Compliance to Confidence: Designing Government Experiences That Build Trust
