With federal efforts to update legacy IT systems behind schedule, the public sector is in serious need of modernization. But the problem is more complex than a simple lack of awareness. After years of avoidance, many have become dependent on inefficient workarounds and outdated applications like COBOL. Now, a change in mindset is the solution gaining traction. Instead of an insurmountable challenge, some leaders are reimagining change as an opportunity to innovate.

For an expert's perspective, we spoke with Shawn Surber, Solutions Engineering Director at Island, an enterprise browser company. With over 15 years of experience in IT operations and security, Surber has spent his career navigating this very issue at giants like Tanium and Fortinet. Today, he brings that expertise to the emerging enterprise browser market, where he works with C-level executives to solve their most complex security and operational challenges. To break the cycle of inertia, leaders and vendors must look beyond technology and into the psychology of the people operating it, Surber believes.

"So much of deploying any new system is identifying what is personally valuable to the key decision makers and influencers. What does this do for them?" Surber says. Instead of modernizing, however, many in the public sector are digging in their heels. To navigate this landscape, vendors must adopt a specific, defensive mindset where project failures are an expected outcome, he says.

Meanwhile, clinging to the false security of virtual desktop infrastructure (VDI) only compounds the problem, Surber explains. Stacking more tools like CrowdStrike or SentinelOne into every VDI instance creates a vicious cycle of escalating costs and diminishing performance. A single host running 50 VDI instances, for example, forces an organization to pay for 50 separate copies of security software, consuming massive amounts of CPU and RAM.

• Kicking the can: "Organizations use VDI because it lets them kick the security can down the road," Surber says. "They operate under the false belief that as long as they are in VDI, they have complete control over their data. The reality is a terrible user experience that is slow, inefficient, and not nearly as secure as they think." Behind that paralysis is a fear of innovation that Surber calls a human resources Catch-22.

The result is a complex landscape of regulatory and cultural obstacles. For example, Surber contrasts a budgeted CIO at a Fortune 1000 company, which means the deal is "pretty much done," with a government CIO, where approval is "the beginning of the road, not the end." Some agencies are forbidden from accepting a "free proof of value," which forces a more rigorous and lengthy paid pilot. Even then, a project can be derailed when stakeholders wait to voice objections about their niche requirements until the last minute, Surber notes.

• Cure for happy ears: "The worst thing a vendor can do is get 'happy ears' and hear, 'Oh, yes, the engineers agree.' If there's a bell ringing in the back of your head that says this might be a problem, it will be a problem. In the world of subscription services, if you fail to deploy successfully, you're shelved at renewal. Your goal must be to build that connective tissue and take that knowledge about the detractor straight into the deployment. If you bring in a new team that doesn't have that knowledge, you've broken the entire project because they're resistant to it."

Successful campaigns win over the architects and engineers, Surber explains. Otherwise, a lack of buy-in risks undermining any project, a phenomenon already responsible for costly and high-profile project failures. The goal is to show them how modernization can be a vehicle for expanding their skills, transforming a perceived threat into a tangible opportunity.

• The sandbox architect: One tactic is finding a "win" for the sandbox architect who has tuned their old system to perfection and genuinely believes no improvements are needed. "When you get down to the architect who has built the perfect system, they're like, 'I've got everything tuned exactly right. No improvements are necessary.' That becomes a massive obstacle," Surber says. "How do we make this a win for the architect? How do we build them up through the process of bringing in these solutions?"

This resistance is often rooted in professional identity, which can elevate a modernization proposal from a simple inconvenience to a perceived threat to their job security. "When people have built their entire careers on managing a specific system like SCCM or Citrix, and someone comes in and says, 'Hey, we need to put in a more advanced system,' they feel personally attacked." Because the resistance is personal, the solution must be, too, he says.

• Talent trap: Some employees actively resist learning anything new, while others who do get trained on innovative systems often leave for higher-paying jobs. Today, that trend is fueling a "brain drain" from the public sector. "You will always have employees who have no interest in learning new things," Surber says. "They have six buttons to press, they come to work, they press those six buttons, they go home."

Ultimately, a systemic trap reinforces that resistance, Surber concludes. Here, long-tenured employees are often bound by the pension system. That trap, combined with the fact that public sector CIOs often lack the authority to fire resistant staff, creates a significant power imbalance. "The pension is unbelievable," he says. "In California, you can retire, draw your full retirement pay, and then go back to work part-time for the agency, where you can negotiate your salary outside the normal pay range."