Tag Archives: CIO

The IT Guy Becomes a Player


Back in the days of mainframes, the ubiquitous “IT Guy” was responsible for planning, building and maintaining in-house infrastructure, as well as developing custom solutions to automate back-office functions. And while the role evolved some over the years, the first truly tectonic shift occurred when cloud computing emerged, combined with aftershocks in the form of mobile, social and Big Data. As technology became commoditized and consumerized, some analysts suggested in-house IT would become obsolete.

In reality, the role of the IT Guy is evolving into one of greater value and significance.

Recently, IDC and Forrester Research, two of the largest technology industry research firms, released predictions that IT is poised to take the lead as companies move toward their digital futures. The reason: While many companies outsourced their initial forays into cloud and mobile applications, they can’t continue to depend on external consultancies for much longer. Digital transformation is so critical to the future of businesses, the analysts say, that relying on external parties to provide solutions will be too dangerous. In-house IT will, of necessity then, become the core driver of “how business does business.”

Taking on a more important role

Even in today’s quick moving environments, the role of the IT department has increased in value across the enterprise, as it works with various internal teams and links its goals to the wider objectives of the business. A recent survey by Forrester asked company executives to name the most important senior leader in driving or supporting business transformation and innovation, and one of the top answers was the CIO – ahead even of the CEO.

As the master of all things digital, talented CIOs are perfectly positioned to take the lead on leveraging new tech elements to help shape a business’ overall strategy – and use high-performance networks to effectively pursue it.

This new, more challenging—but much more valuable—vision of the IT Guy’s role as an innovator and strategist also seems to be widely accepted, according to a survey by Gartner Research.

The CIO as chief innovator is trending up: The Gartner survey says more CIOs are adding value to their roles by leading boardroom discussions about using cloud, mobile, analytics and social technologies to drive new product development, online marketing and other customer-facing initiatives. The research firm concludes that the perception of the CIO has evolved from an IT service provider to an enabler of digital products that support business.

And that’s only the beginning. The next great leap for businesses will be the Internet of Things (IoT), and CIOs will have the opportunity to lead by solving the challenges that will come with IoT integration.

Three types of CIOs

“IoT requires the creation of a software platform that integrates the company’s IoT ecosystem with its products and services,” says Peter Sondergaard, senior vice president, Gartner Research, adding that CIOs will be the “builders” of the new digital platforms and high-performance networks that IoT projects will require. However, while the change of role might be adventurous for some, not every CIO wants to embrace the change from being operational to innovative, according to an IDC study, “The Changing Role of IT Leadership: CIO Perspectives for 2016.”

The study outlines three types of CIOs: operational (keeping the lights on and costs down); business services manager (providing an agile portfolio of business services); and chief innovation officer (business innovator).

Business innovator is the role CIOs must play in order to have a meaningful future, says Michael Jennett, vice president for enterprise mobile strategy at IDC.

“For these executives to stay relevant, they must shift their focus to transformation and innovation,” he adds. “CIOs who stay operational will find themselves further marginalized over the next three years.”

The big question for many businesses, then, is will the IT Guy be prepared to incorporate an understanding of the company’s mission and develop value-added strategies to generate, as Jennet says, “revenue out of what you do.”

Interestingly, the IDC study found that while more than 40 percent of line-of-business executives view the CIO as an innovator, only 25 percent of CIOs describe their own role that way, with more than 40 percent viewing themselves as primarily operational, and 34 percent as business service managers.

However, with global digital commerce revenue at over $1 trillion annually, CEOs see digital as fuel for growth, and expectations for IT departments are running high. To succeed in this environment, and bring value, the IT Guy needs to rise to the occasion and take on responsibility for digital innovation, as well as maintaining the infrastructure.


Rise of the CISO: Why the C suite needs a security chief

The CISO role is growing in popularity, but what does it actually mean for your business? Here’s what the role is responsible for and why CISOs are multiplying in the enterprise.

Businessman Showing A Shield Symbol

The latest c-suite executive role to step into the spotlight is the chief information security officer, or CISO. Even more focus was put on the CISO role when, in February, President Obama announced that the US government was planning to hire its first ever Federal CISO.

Obama’s announcement further justified what many organizations were already doing, which was assigning a specialized executive over security issues, instead of leaving them to be handled by the CIO or CTO, whose top priorities are typically a mix of innovation and operations. And, while the CISO is not a new role, it is still gaining popularity in the enterprise.

So, we’re going to break down what it is and why you might need one. Let’s start with defining the role.

What is a CISO?

Simply put, the goal of the CISO is to protect the business at all costs against present and future digital security threats.

Andrew Hay, CISO at DataGravity, said, “The CISO role is a true hybrid role that is responsible for implementing, defending, measuring, and communicating the security and privacy strategy of the organization to all of its stakeholders.”

And that “all stakeholders” bit is key—the CISO isn’t going to hold court with the executive team only. True CISOs will be working with employees, customers, and other partners as well, Hay said.

Additionally, the CISO role isn’t the typical “vision caster” most people associate with a CXO title. The CISO role is a mixture of strategy/big picture thinking and tactical skills. Most CISOs are coming from an IT security background, so they know how to directly implement and work with the systems they are recommending.

 In terms of who they report to, Entertainment Partners CISO John Tooley said that he believes the majority report to specific executives, and not just the CEO. In his tenure, he said he has reported to the CIO and CTO. Other CISOs may report to the COO or the CFO.

What does a CISO do?

In a broad sense, the CISO’s functions revolve around risk—identifying risk, assessing risk, presenting risk, and implementing programs to combat it. The difficulty in the role, Tooley said, is doing these things in a way that makes sense to the business, but is also effective in driving real change.

Identifying and assessing risk are skills that are typically developed as a combination of the training a CISO has received throughout his or her career and the sense of intuition that develops over a long time spent in the industry. Presenting the risk becomes a bigger challenge in that it requires specific communications and sales skills to get other leaders on board with a solution.

“As opposed to other C-level executives, I think there is more of a communication challenge, taking highly technical language and translating it into business value and need. There is also the balance that needs to be struck between empowering employees and securing the enterprise, since insider threats represent one of the biggest security concerns,” said Ari Lightman, director of the CISO Program at Carnegie Mellon University’s Heinz College.

The CISO must champion the organization’s security in all that he or she does, setting security goals and milestones to help measure the success of that strategy. Lightman said some of the day to day functions that comprise the role may include the following:

  1. Secure the enterprise’s digital assets
  2. Educate and train employees and the extended ecosystem on security best practices and procedures
  3. Define and monitor access and permissions
  4. Hire and train security personnel
  5. Define budgets for security equipment and training
  6. Work with other C-level executives to ensure compliance with security procedures

And, that above list is not exhaustive. Ultimately, a CISO’s role will also be shaped, in part, by the needs of the industry they operate in and the needs of their employer.

The rise of the CISO

So, why are we seeing the CISO rise to prominence now? For starters, security is no longer purely a technological issue, and can no longer be constrained solely to IT.

“So there is awareness among senior management now that information security is really a risk issue, and risk is a business challenge that needs broader solutions.,” Tooley said.

Another big issue is growth—there’s just more technology in the workplace than there has ever been before and it’s affecting organizations in new and interesting ways. The addition of DevOps, cloud, IoT, BYOD, and big data mean that the attackable surface is growing as well, and it needs a guardian.

“As a result, industry guidance, regulatory compliance standards, and the realization that security is a key component in business continuity and operational excellence, has led to the realization that the safety, security, and compliance of a company’s IT and information assets require an advocate at the highest level,” Hay said.

The 3 big takeaways for TheDigitalAgeBlog readers

  1. The CISO is an executive role that combines technical expertise with strategic vision to champion a security strategy for an organization.
  2. The CISO is responsible for acknowledging, analysing, and presenting risk. The communication of risk requires specific skills to help “sell” the solutions to mitigate against potential threats.
  3. The role itself is growing because the breadth of technology being implemented in business continues to grow. A CISO must understand how security risks affect the bottom line as well how they impact IT operations.