enterprisesecuritymag

The Great CIO Myth

By David Tamayo, CIO, DCS Corporation

David Tamayo, CIO, DCS Corporation

Recently, after participating in a panel of so-called “experts” at the local chapter of the Society for Information Management, a young IT manager came afterwards to ask me, “How can I become a great defense industry CIO?” I almost walked away thinking, “Well, that’s a stupid question! It’s like asking how do I become a great chef, a great swimmer, or a great potato grower by putting the required minimum of 10,000 hours on the job and by being in the right place at the right time with the right people.” So I turned back and scheduled to meet with him the following week.

"Whether you like it or not, people, budgets, business goals, etc. will determine your technologies and priorities for you, no matter how much of a perfect CIO you think you are"

Anyone who attends one, two, or more CIO conferences a year knows there is a plethora of flawless peers presenting and handing out “the perfect solution” that will turn you into a secure and confident CIO star. But the sad reality is that in most medium to large businesses, you’ll have some areas of the enterprise that are barely above the use of yellow pads and #2 pencils as computers, while other areas are slightly below Star Trek’s transporter technology. Oh, by the way, if you are already a confident and secure CIO star… well, you are in more trouble than the rest of us!

The key to being a “great” CIO (whatever that really means) starts with being brutally honest with yourself, knowing your weaknesses and strengths—doing a yearly personal SWOT analysis or even a 360-degree evaluation would not be a terrible idea. You should also attend many of those “CIO discussion group” meals offered by vendors and consultants who want to discuss some new technology or the latest buzz word. I understand that you know these are just sales pitches even when you and your peers are doing most of the talking, but these are great opportunities to learn about new technologies while having a glass of wine; sometimes they’ll bring up real issues and you’ll hear others gripe about the same problems you have. It’s a free quick education that will keep you from falling behind, even if it will be a decade before you can actually bring these technologies to your enterprise. Remember, in IT if you are not learning, you are falling behind fast.

Once you know thyself, the next most important thing is to surround yourself with as many smarter-than-you people as you can afford. Yes, of course people are the most expensive assets in IT, and if you don’t wish to break your company’s pockets, you better minimize the number of humans you have. Oh, I just contradicted myself a little; do we keep many people or few? Look, just get rid of the mediocre people (since I know you’ve already got rid of the really bad ones). Mind you, it’s not easy. Ask your HR VP or Legal VP, they’ll tell you it can’t be done, but it can. All newly hired staff should always be required to get a new certification to ensure they start on a path that will keep their skills current.

And of course, there is technology. Don’t embrace everything and don’t reject everything. Whether you like it or not, people, budgets, business goals, etc. will determine your technologies and priorities for you, no matter how much of a perfect CIO you think you are. This means you’ll have hybrid systems galore. Still, standardization is the key to minimizing personnel while keeping a high level of IT proficiency and responsiveness. This means standardizing sub-areas. For example, all switches and routers should be the same brand and family, ensuring your staff knows fewer systems really well.

Eventually consider technologies that replace hardware such as Software Defined Infrastructure (SDI), cloud based networks, event driven architectures, software defined applications, etc. These technologies will minimize costs a little, but will pay off big when your company moves, expands, or is affected by M&A. Whatever you do, keep your infrastructure as simple as possible since doing so will make it easier to protect, cheaper to maintain, and stronger to sustain growth.

Automation, automation, automation! OK, you know that guy in that department who is the very example of “shadow IT,” who got that fancy expensive software and now is no different than a man who replaces his old AM radio with a 4K HD TV and when asked how he likes his new 80 inch TV, he responds, “It’s wonderful. I love it. I just close my eyes and it sounds just like a radio!”? Yes, taking a paper process and using technology to behave exactly like a paper process is not digital transformation (a way to connect business functions to streamline operations, drive efficiency, and make loads of money). Just know that if this digital transformation is not being driven from the bottom up, it will fail and IT will be blamed (as always). Still, you can work with your staff to automate the heck out of every crank-turning IT process you own. Recently in my own company, IT successfully changed a 53 steps manual process into an extremely scalable 2 step automated process (plug laptop, press button) by increasing accuracy, reducing costs, and increasing delivery speed while freeing up a person to do higher level work. Start with baby steps and eat the whole elephant one bite at a time (to mix metaphors).

In the Defense Industry, great CIOs can’t sleep worrying about cybersecurity. Even after doing everything right, these CIOs still have to worry about hacktivist spying from other countries, criminals, terrorist groups, fanatics, sympathizers, etc. Hackers have automated and machine learning tools that test every vulnerability and when (not if) you get hacked, guess who gets blamed! Just like protecting from the cold, the key is protection by layers. These layers will not stop them, but hopefully will slow them down enough for you to detect them and mitigate them.

After interacting with thousands of CIOs over the years, I’ve concluded that the best CIOs are those who have an insatiable sense of curiosity about technology, business, and people. The fact that you are reading this article is a good clue that you are either already a “great” CIO who has that sense of curiosity, in which case I’ve already wasted enough of your time, or maybe you are at a dentist’s office waiting for your turn for a root canal. Either way, just know there is no simple or universal way to be a “great” CIO. Understand that every time you achieve something you considered a key trait of a great CIO, things will change and that goal post will be moved but that’s OK, it keeps you on your toes. To paraphrase the Dos XX guy, “Stay curious my friends!”.