HSDF THE PODCAST

Modernizing the ICE Mission: A Conversation with Dustin Goetz Part 1

Homeland Security & Defense Forum

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 22:42

Welcome to “HSDF THE PODCAST,” a collection of policy discussions on government technology and homeland security brought to you by the Homeland Security and Defense Forum

In this episode, We explore how to balance mission urgency with responsible modernization across ICE, from field radios and mobile apps to AI and data mesh. We share a practical way to turn security from a blocker into an enabler while building a workforce ready for zero trust and rapid change.

Featuring:
- Dustin Goetz, Chief Information Officer, Immigration and Customs Enforcement 
- Luke McCormack, Former CIO, Departments of Homeland Security and Justice (moderator)

This discussion took place January 22nd, 2026, at HSDF’s Technology Innovation in Government Symposium

Thank you for Tuning in to “HSDF the Podcast”.  Follow HSDF THE PODCAST and never miss the latest insider talk on government technology, innovation, and security. Visit the HSDF YouTube channel to view hours of insightful policy discussion. For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.

Follow  HSDF THE PODCAST and never miss latest insider talk on government technology, innovation, and security.  Visit the HSDF YouTube channel to view hours of insightful policy discussion.  For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.

A Career Built On Both Sides

Speaker 1

Welcome.

Speaker

Thank you for having me.

Luke McCormack, Former CIO, Departments of Homeland Security and Justice (moderator)

Yeah, yeah. So it's uh it really is a pleasure, and uh congratulations on your appointment. Uh you came in hot. It looks like you're about, you know, uh a hundred feet off the deck on Mach 2, and uh that's the expectation there. Um let me uh let me start with a question around just sort of the leadership journey, right? You've been in a lot of different places, right? Out in the private sector, uh had a huge portfolio at CBP, a little bit of time at ICE once upon a time. All these things sort of come together, and now you're sitting in this big chair. And so, how does all that experience come together to prepare you for the job you're doing now?

Translating Ops And HQ Perspectives

Dustin Goetz, Chief Information Officer, Immigration and Customs Enforcement

Yeah. I I've been absolutely blessed in in my career. Um, if I had to do all over again, I wouldn't change a thing. Um so I have a lot of industry experience. I'm a relatively new Fed. Uh I ran two relatively large companies and enjoyed that. Um, was able to from the outside understand what how to craft government solutions, how to look at it for potentially a solution for the government. Uh and it just it that was a great experience. Um, I wanted to look at it from the other side though. And so around six years, I decided to uh take the plunge, go into government service, and here I am right now. Um and I I would say that um government service is hard, it's a lot harder. Um some of you are prior uh federal service in one way or another and can understand and appreciate this comment, but you don't really understand it from this perspective until you sit in this role. Um my unique nature is that I have both you know corporate and government experience now that I can lean on, and so I can see uh the challenges from both sides. And one of the takeaways that I think I have is that the partnership between government and industry has to be closer and has to be managed. Outside of the black and white of a contract, it's going to take uh those personal touches where we have to sit down and have candid conversations to understand what the pain points are from each side. You have a business to run, we have services to deliver, and uh somewhere in the middle, we're just going to have to always broker that deal. So um it's been a great experience. I would never change it. Um, and I'm hoping that uh through both of these opportunities um uh you know I'll be able to make this job a lot easier. But on that front, I've also served while I was in Federal Service. Um I worked at CBP, that gave me that operational flair. I understood I stood next to the green,

Speaker

the blue, and the tan, um, each with a different mission perspective. Uh went to headquarters and uh hopefully there are no not too many headquarters people here, but everyone has to spend their time at headquarters for various reasons. Um, but that did help me understand what you know from a cut headquarters perspective, the view is completely different. It's it's business, it's politics, and it's support somewhere in between that. Um and then taking all that and putting me where I'm at now has just given me a well-rounded view of I think how I can do successfully my job. Um, always being able to take off a hat and put on another hat and look at it from a different angle.

Priorities, AI Enablers, And Tradeoffs

Speaker 1

And and that goes both ways, right? I mean, we I think we all have found and agree that you know um um if you're gonna do your time at headquarters, it's so important to have come from an operational component, right? So that you have that perspective when you're up there, right? And then to take what you learned there and then bring it back down into uh an operational component uh is is is really important and and very powerful. Speaking of an operational component, you have uh a lot of priorities, right? Every time we turn on the news and everything else, and uh there's a lot of operational activity going on over at ICE. Um uh I don't need to tell you that. You also got the big beautiful bill activity happening, etc. You have all these different priorities. How do you how do you juggle all these running chainsaws and what's the techniques that you're using to stay on point and make sure you're delivering the goods and everything's being accounted for?

unknown

Yeah.

Speaker

So earlier I had said I wouldn't change a thing. I I'm gonna have to quickly recant that and say that I wish I had taken some sort of a dance class because it's it is a ground college, right? Juggling, yeah. Juggling, yeah. Um the priorities are a challenge, and what makes it unique for ICE is the the priorities are different based on the program office that we have to support. So we have OPLA, HSI, ERO.

Speaker 1

OPLA is what for those of you. I'm sorry.

Speaker

OPLA is our legal entity um doing case management, um attorneys, uh supporting judges and stuff like that. Uh but they're the immigration law piece of it. Um so we have to um prioritize each of their unique needs against one another and then take what limited resources we have and be able to apply it. And thankfully, within the last two or three years, technology has really jumped forward in helping us figure out how to span a very wide space with a very few resources. Um I'm sure you'll hear it a thousand times throughout the day, and to include me, but AI has been a force enabler for us. We're leveraging it in every aspect that we can where we're authorized. You know, there are some guardrails that we have to manage with AI to make sure that's ethical and within line of our legal authority. Uh, but we're really not in that area, the legal authority area with AI. We're we're l using it in lower-level administration functions. So um I'd say one of the biggest enablers in prioritizing for my position is going back to what I'd said earlier, having those personal relationships with uh each of the program offices and sitting down with them and having candid conversations. Um we each have they they each have a unique perspective and think that they're the top priority. But then when I get them all in the room and have them compete for top priority and get to sit in my seat, then they quickly understand that, well, I understand we have to put radios in someone's hands. I understand that we have to get an application on a phone so that we can expedite uh apprehensions and processing. So maybe a policy AI bot isn't the most important thing. So that that's you know, paid off in dividends.

Legacy Tech, Shadow IT, And Triage

Speaker 1

You know, I I uh like any agency, certainly yours is no different. Uh a lot of a lot of aging systems, a lot of legacy systems, a lot of um we'll call them advanced operations that you're that you're uh uh required to deliver new advanced type of capabilities. What's the techniques, what's the guiding principles there as you're sort of building that plane as you fly it, as the metaphor goes? Um I guess you've been over there three or four months, you're starting to recognize sort of what you have and what you don't have. What you're thinking there about how do you approach that?

Speaker

Um not that anyone's keeping count, but I've been there for five months and I have every X on my calendar every day. It's been it seems like I've been there for quite a while. Uh you we we came in, uh cybersecurity and a few other OCIO processes. Um we're we're there for reasons. The bureaucracy is there for a reason, the guardrail is there for a reason. Um but the you know they're all part of a process that lengthens a process. So our first rule is do no harm, right? We have these legacy applications out there that have been baking for a while.

Speaker 1

All in the cloud. Um not all in the cloud, but still, you know, aging at this point. They're aging, they're aging a lot of, you know. Yeah, but uh dust on some of those. Yeah.

Speaker

Yeah. Our first our first rule is to understand what we have out there. Uh so we're doing a major push to identify legacy technology, another big push for identifying shadow IT, which is prevalent uh throughout not only ICE, but all the federal organizations. Um and we're trying to quickly identify what those legacy technologies are, what those shadow IT technologies are, so that we can bring in them in and do risk assessments. That'll give us probably one of three options. We're either going to envelop the uh capability into our OCIO uh monitoring, uh, which means that we're going to have to work with the application owners and the and the partnerships with the corporate industry and bringing them up to current day standards. Uh we are going to allow them to continue to operate in their program office, so HSI, OPLA, uh, ERO, but with some very close governance and guidance from OCIO. Again, that do-no-harm approach is we want to make sure that we don't interrupt operations. Uh and then hopefully, in the rarest of situation, we'll sunset that technology. Uh, but before we do that, we'll have to see what we can hobble together to ensure that that service um doesn't have a detriment to the mission.

Security As Enabler: “No, But”

Speaker 1

Uh so it's uh your your classic sort of uh triage mode, um, you know, throw a spring a different one on. I know you're doing a lot of work collaborating with uh other components, etc. Maybe there's some combo platter type uh activity that's gonna go on there as well. Perhaps as you look at, you know, you know, I think about things like UIP and some of these other things. Seems to make sense that as you all are starting to modernize, you're thinking about ways to uh collectively come together over to guests, right? That that makes sense. Um from a security standpoint, right? We always have to throw the security piece in this. I would say that, you know, on balance, uh you all have been a really strong security shop over there, and um have uh some really high-end talent over there, I would say too, um, as do many of the other components. But what's the balance there? How are you looking at that? Is that working for you? Uh are are they being seen as an enabler now? And I'm not just talking about business applications, right? You got these IoT devices, a lot of different things that you know you have to secure. Uh, but at the same time, you know, these operators need this stuff, right?

Data First: Mesh, Standards, And Zero Trust

Speaker

Yep. Yeah, that goes back to the partnership with the program offices to help them translate the priority and the urgency of some of these applications. Um and where it's required, we're definitely going to push them up to the front of the line, but they still have to go through some level of cybersecurity vetting to ensure that we're not introducing um harmful code into the environment, so on and so forth. Uh so our new motto, and I've my team has heard me say this many times, especially the cybersecurity team, is yes, but or I'm sorry, no but. So they our cybersecurity team has had a wonderful, you know, the last five years they said no, you can't do that, and they just walk away. Um, and I'm not saying that they're walking away maliciously, they're not doing that, but they have a thousand other things. The challenge that I've posted to them now is you can say no, but give them options, and we have to negotiate those options. Yeah. Um, so yeah, it's it's been a culture change a little bit, but we're also trying to streamline how we're doing compliance check. We're leveraging some automated tool sets that do compliance check on the applications, on the code, so on and so forth. And AI, that's one of the sweet spots for AI is in compliance and looking at code reviews and also looking at our infrastructure to see where it can fit in and what would be the best place for it to go. So it we're seeing great success there. If you're experiencing something different than what we're seeing, let's sit down and talk and try to figure out how we can work together. And I'm talking specifically about applications and legacy technology that are currently in. That service actually extends out to those that we're trying to do business with. We want to work closely with our industry partners and say, here's our security requirements, where are you at with your security requirements? Figure out some way to meet in the middle. And one of the uh other initiatives that we're doing is uh we have a higher tolerance for risk where appropriate. We're gonna assess operational needs, we're gonna look at the risk, and somewhere we'll figure out how much risk risk we're willing to do or endure as long as there's a quid pro quo, you're gonna have to endure some risk as well. Uh but we if we both have skin in the game and we have great partnership, I think there's opportunity ahead.

Speaker 1

I think that's a good reach out, a good ask, right? Um look, you know, I've I've sat in this chair as well, and uh you don't know everything, right? So you don't know what you don't know. And I I know this gets into you don't want to dime out the SISO or what have you, but if you're down there, you know, fighting this fight and you're just putting beating your head up against a wall, you know, they need to know that, right? Because these SISOs, as I like to say, I'll give you as many no's as you want, but you gotta own that no and get it to a yes, right? That's the yes but so I or no but I think that's extremely important. What else is important is data. And uh boy, I'll tell you what, uh for a guy that's you know, I think you'll you'll uh you'll appreciate this as more of a pliers and wires kind of guy. So am I, right? We kind of come from the infrastructure, architecture, engineering side of the house. You started with data day one, and you're still talking about data. Let's talk about data and sort of the role of data governance and all these various activities that are going on uh at ICE that are just sort of demanding superiority in this area.

Hiring For The Future: CTMS And Skills

Speaker

Yeah, we we're running three major priorities with an OCIO right now. Um I've published them to our internal team. We're making strides now to um finalize them and we're going to advertise those to our partners so that you're tracking the same thing that we're tracking. Uh uh Zero Trust, uh AI, and data management are our top two, or our sorry, top three priorities. Everything that we do is going to be governed by how we manage data. Um, our uh chief uh data officer, who you'll hear from later in the session, uh, will be here and we'll talk a little bit more and unpack our data strategy. Uh but when we talk about the future of ICE and how we're going to do business, it's all inevitably going to go back in how we're standardizing data and how we're uh consuming and advertising the data. Uh that's going to come through different technologies, and we have some in mind. Uh we're not taking anything off the table. Uh more importantly, is that the methodologies and how we're going to change uh the data layer, the data mesh is more important. So our approach now is instead of going back and bestowing uh data requirements onto the application owners, we're going to give them a set of standards and a data mesh layer that they can register their data to that will also condition the data on the fly. We've got to get out of the habit of putting the putting the burden of cost and data management onto the application owners. A lot of these folks have a very thin budget, and we have to help enable the transition of their data to and from their system so that it can be consumable to other subscribers. And what I'm talking about is subscribers, I'm talking um about data migration from within ERO to HSI or CIS, Department of Justice, the Department of State, and they have to just be an easier consumable product. And we're making moves there. Um Curran will probably talk a little bit more about the details and the and the architecture that we're looking at, but the big goal here is lower cost to the application owner, uh standardized data and conditioned data that's curated and conditioned for public or public consumption. Um, and then on top of all that, we're gonna have to figure out collectively how we enable a zero trust model that allows a personality or a profile to go into that data, drill down to the data all the way to the source. The big another bigger issue is you know authoritative data sources. Uh, we do not want to copy data and replicate data. We want to manage data where it lives, and we want to identify old data sets where possible and try to reduce, you know, every application has name, user accounts, something. There's no need for that. We should be going back to a core identity solution, tying into the core identity, and then using that information to propagate out to the applications. This isn't an old only an ICE initiative. Uh the department, uh Antoine McCord is um looking at this as well, and he's uh trying to put some bones to that so that all DHS CIOs are trying to go along the same path and the same line. Um and I think he's doing an exceptional job in that. He's got his priorities out, he's briefed us on those, and we got a lot of head shaking in the CIO community within DHS of the path forward. And I'm pretty excited. I I mean when we everything that we're doing, it all ties back to data. And thankfully, that we're all in unison saying, Yep, data's where we need to go.

Speaker 1

Absolutely. And uh I used to remember um when we were talking about these nation-state actors and um getting into our environments, et cetera, and just a kid, but I said, look, you know, they're not coming in here to look around and see how cool our architecture is or what kind of technology. They're in there to get the data, right? I mean, uh that's what it's all about. Uh what else is all about is uh your workforce, personnel, skill sets, etc. Um a lot of activity going on over there, I know. And uh let's just talk about uh what is um uh currently going on, what's on the forefront is ice hiring, where where where are you at with this whole thing? Right? You've done a you've been there for five months as you described, you have a a general sense of what you're dealing with now, and you know what sort of the North Star is. I think the uh the secretary on down's been pretty clear. How's that looking?

Speaker

Yeah, i uh it well obviously we're doing a massive hiring um sprint for officers and agents to get to the administration's goal of hiring so many HSI and ERO folks. Uh we are kind of maybe second or third priority to that for good for very good reasons. Um, but we do have our pool of candidates that we're getting ready to push out, and it's extremely important. Actually, it's a blessing in some regards because it's given me time to look at OCIO and say, okay, what do we want to look like in the future? And then start crafting our hiring strategy around what that future looks like. Um we're gonna leverage some existing tools. Uh, we're gonna try to move away from the Title V GS hiring and move more into a Title VI hiring structure where we're gonna leverage uh cyber talent management system for those cybersecurity-related roles. Uh, and that's gonna go into your applications development, obviously your SOCs and different uh CISO functions, but we're where it makes sense we're also going to leverage CTMS to hire application developers.

Speaker 1

Um it's if you if I may, just for those at Title V, Title VI, CTMS. Can you go just uh another tick down as you say, what's the concept behind that? What is that? So people understand. There might be people in the room that might be interested in uh in looking at that. You all know how I feel about public service, so please. Yeah.

Speaker

Uh so Title V is your um tried and true uh uh general service employee uh GS rate, you know, X all the way up to a GS 15 with various steps in between that um allow you opportunities to advance within within each of your GS categories. Uh Title VI is a new um hiring authority that DHS has called Cyber Talent Management System. What makes this unique from the prior is that there are it's exclusively focused on cybersecurity and all aspects of cybersecurity from risk management to operations and everything in between. Uh it's pay banded, so the government's able to afford a larger salary for candidates. Uh it is performance-based, it's a salary. Uh so you know the the idea of the 40-hour work week is still there, but it's not as hard and in charge. Uh but some of the other benefits that they give you are retention bonuses, um, training bonuses that are far superior than GS. And so uh the goal is to attract and retain cyber talent and continue their education within the government by continuing and involving their capabilities and tr through training in OJT. And their opportunities, of course.