Survival Guide: David Sullivan, chief information officer, Virginia Beach, Va.

David Sullivan's job doesn't stop at information technology. As chief information officer for Virginia Beach, Va., Sullivan is responsible not only for the city's $25 million annual IT budget, but also for its public libraries, media communications and citizen outreach. It's a complex job for a local government that is the largest independent city in the Old Dominion, and one of the 50 largest cities in the nation with a population rapidly approaching 500,000. Sullivan spoke with Staff Writer William Welsh about the IT challenges and needs of his city.   How does your job differ from that of a federal or state CIO? At the local level, we have one technology infrastructure that supports all the different lines of business, so we already have an enterprise approach to supporting business needs. In a federal agency, you have the CIO responsible for meeting the business needs of that agency, which are generally somewhat narrowly defined. At the city level, on the other hand, my responsibilities run the range of everything from public safety to libraries to parks and recreation to health care -- a whole variety of business needs that we try to address with the technology infrastructure.  What's unique about being CIO of Virginia Beach? I have responsibility for all of the technology data information components, which in Virginia Beach includes everything that you would traditionally think a CIO would do, as well as the public library department. That has actually worked out interestingly, because we've been able to take the science of information management that librarians are so good at and marry that with a lot of our technology initiatives. I also have responsibility for the city's media and communications efforts. I handle anything that has to do with communicating internally about technology or externally with citizens. I publish a quarterly magazine and have three television stations.   How has your job changed since the Sept. 11 terrorist attacks? The biggest shift I can attribute directly to Sept. 11 is an awareness of the whole public safety infrastructure. We are working to enhance our ability to communicate regionally with all of the other cities in the Hampton Roads region, as well as the federal presence in Virginia Beach. We are trying to establish a much more seamless way to communicate from a public safety standpoint. Since Sept. 11, there is a much greater sense of "we need to get this done," whereas before there was more turf protection among different levels of government and different cities. That seems to have gone away. Now the complexities are the different kinds of technologies in use, budgets that aren't in sync and shortage of funds. These are things that you can work on together. How do you cope with the seemingly never-ending string of mandates from federal and state government? The tendency when you are the local government and on the tail end of that stuff is to complain about it. I try to resist that. But you have to understand everybody's perspective. Certainly, at the federal level, they are dealing with 50 states and then 30,000 local governments and the only real way to make it work is to mandate things. I would be happy if the federal government actually made more decisions and left less discretion to the localities, because I believe we would be able to do things better if there was clearer direction.   As Virginia Beach CIO, what is your top security concern? The concern we have right now is malicious code, whether it is a virus, cookies, advertisements or spyware. We are getting inundated with that stuff and have to apply hundreds of patches to address it. We have a very good approach for workstations. By and large, we are doing a really good job of keeping the workstations clean, secure and running. The servers, on the other hand, are more difficult because of the need to test applications. You just don't apply service patches to production applications without some testing. It takes time and energy. Just trying to keep the servers patched to the level they need to be patched has impacted us heavily on the IT security side. When you have hundreds of servers running, it is a real challenge to get those patches done.  What can the federal government do to help you strengthen your homeland security plans and resources? When we are doing grant requests for multiple jurisdictions, we have to coordinate with other cities and get approval from all of them. The sheer logistics of trying to get a complex application through three or four different cities in four or five weeks is very difficult. It would be easier if we had more time.   What advice can you give contractors that want to work with local government? Recognize the different forms of local government. We are a city manager-council form of government, which is a different approach than if you have a mayor. A lot of times, we see vendors approach through the political side, and in our case that is not the way to approach. The city manager-council form of government is more pervasive. Vendors should approach those cities through the city manager.