Posts Tagged ‘ceo’

Vulnerability Management: The CIO’s Other Job

Monday, July 6th, 2009

CIOs Will Get The Blame If They Don't Do A Good Job Of Vulnerability Management

The role of a CIO is to find ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more. As part of this task a CIO needs to take steps to ensure that nothing happens that would prevent this from happening. This side of the job is not nearly as glamorous; however, it is at least as critical. What can a CIO do to ensure that nothing bad happens to a firm’s IT systems?

The Job Of Vulnerability Management

The first step in ensuring that a firm’s IT systems continue to allow the company to move forward is to come to terms with the real world. This means that CIOs need to acknowledge that the world can be an ugly place and there will always be outsiders who want to do harm to your firm. The person in the firm who will be most interested in what is being done to defend against attacks on IT systems will be the CFO. When discussing vulnerability management with the CFO, the CIO needs to explain that at its heart it’s really just the principles involved in risk management combined with practical logic and an understanding of business value for the firm.

How To Do Vulnerability Management

Although a CIO won’t actually perform the process of Vulnerability Management, he/she is responsible for ensuring that the program is set up correctly. This means that the three key components of a Vulnerability Management program need to be put in place:

  • Data Collection Needs To Be Integrated: Attacks on your IT systems rarely show up all at once. Instead, there is a sequence of minor events that occur as your defenses are probed for weaknesses. Having all of your data on system configurations, patch status, and access management policies in one place is a critical part of providing you with the ability to identify issues and respond proactively.
  • Prioritize Based On Business Value: Look, we are all busy and have too little time and budget to begin with. If you understand the value of each IT system, then you can allocate resources appropriately. Not all events require a full-blown response – low value systems can be monitored further. Defenses for such systems can be augmented on your schedule as opposed to on an emergency schedule.
  • Improve, Improve, Improve: Vulnerability management is not something that can be done once and then forgotten about. The world is constantly changing and your program will need to be constantly refined to adapt to new threats.

Final Thoughts

A CIO can do a great job of empowering the rest of the company to accomplish wonderful things; however, if the firm’s IT systems are compromised then all of the good that he/she has done will be forgotten in a flash. A well executed vulnerability management program provides a way to defend the firm against a cruel world. CIOs who follow the three steps that we’ve discussed will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

Does your firm currently have a vulnerability management program? Have you taken the time to assign a business value to each of your IT assets or does everything have the same value? Do you constantly refine your vulnerability management program based on changes in your IT systems and the direction of your business? Leave me a comment and let me know what you are thinking.


What We’ll Be Talking About Next Time

What does it take to do a really good job of securing your company’s systems and data? Is it just a matter of picking and implementing the right software or hardware solution? Is there a consulting firm that you can pay millions to who will come in and take care of this problem once and for all? Bad news – the answer is no

Can HP Survive? Do They Have The Secret CIO “Juice”?

Monday, June 8th, 2009
Mark Hurd Has Done Wonders At HP - Now Can He Find Enough Innovation?


HP’s CIO Randy Mott has done some fantastic things in helping to turn the company around. However, now things are starting to get tricky and it’s not clear that the company is going to be able to continue to be successful. Everyone seems to think that what they need is a shot of that “innovation juice” and it’s not clear that Randy’s going to be able to deliver it…

What HP Did Right

Ok, so let’s admit it – HP had lost their way under Carly Fiorina’s guidance. They brought in Mark Hurd as CEO (who then brought in Randy Mott as CIO) to turn things around. Hats off to Mark – he’s done a great job.

Ashlee Vance over at the New York Times had a chance to talk with Hurd a while back and he revealed that he sees HP in terms of four “quadrants”. These quadrants include operations, products, business & technology trends, and competitors.

Clearly Hurd has an analytical outlook on life – many people have remarked on just how good he is with balance sheets and dealing with numbers in general. It turns out that this is both good and bad.

The Problem That HP Has Now

HP has done a fantastic job of cutting staff, reducing costs, and negotiating great deals on parts. Having achieved just about all of the benefits that one can get from doing these types of actions, the question that comes up is “what next?”.

Shareholders like growth and in the immediate past, HP’s been growing by cutting. Now that that’s all done, how will it maintain its growth? This is where that pesky thing called innovation comes in…

Old Solutions Won’t Work!

HP used to be able to count on the famous HP labs to come up with new product ideas that would show them the way forward. However, in the current era of budget cutting and project justifications, HP has shrunk the number of projects that their labs are working on from 130 down to about 50. That may not be enough to have enough of those “eureka” moments where breakthroughs happen.

Next Steps For HP

The trick here is to find a way to recapture that “juice” that a technology company like HP needs to have in order to survive. This is exactly where CIO Randy Mott should step in.

As CIO of HP, Randy is in a unique position to help Hurd out. Since HP sells information technology products and services, their very own CIO is the person who can help them evaluate which ideas they need to run with.

Yes, yes – both Hurd and Mott like to run a tight ship with metrics ruling the day. I believe that that time has come and (partially) gone. Now is the time for Mott to throw open the doors to his IT department and start up some trial projects and initiatives. HP is so large that they could easily run multiple evaluations in parallel.

Final Thoughts

HP has made a remarkable comeback from the brink of despair. However, as they try to move forward, innovation and clever sparks of imagination are what’s going to be needed. HP’s CIO Randy Mott has the resources and the talent in his shop that would allow HP to use itself as a testing ground for encouraging its employees to make suggestions and have them tried out. Let’s see if they make the most of this opportunity…

Questions For You

Has your IT department lost its spark of creativity due to relentless efforts to drive costs out of your organization? Do you think that just having a highly efficient organization is all that is needed or does innovation also play a role? What do you think HP could do in order to re-awaken its innovation engine? Leave me a comment and let me know what you are thinking.


Coming Up Next Time

What would you say is the biggest challenge that CIOs are facing today? All that today’s CIOs seem to get a chance to talk about is costs. What’s missing here is a way for CIOs to communicate in a company-wide manner just how much value the investments that the company is making in IT are returning – the revenue of IT if you will…

CIO Lessons From A Mouse

Wednesday, May 27th, 2009
The Chairman Of Disney, Robert Iger, Has Lessons For CIOs


Robert Iger is the CEO of the Walt Disney Company. You know, the guys with the mouse. When you are in charge of a company that is that big, and that diverse, you need to have a special set of skills to keep everything together. Iger has a lot to teach CIOs who want to do their own management job better.

All About Bosses

Iger told the New York Times that he encountered his first boss when he accepted a job at ABC. To this day Iger remembers that once upon a time that boss told him that he “…was not promotable.” Clearly, this was not a good boss.

In thinking back over his other bosses Iger credits them with showing him how to be a perfectionist - teaching him how to do top-notch work every time, trust - especially when it comes to managing people, and creativity - in everything that you do.

The most important leadership lesson that his past bosses have taught him is that the ability to always have optimism is a very important part of being a successful leader. Keep in mind that some realism must come along with this or nobody will ever believe you. The flip side to this is to realize that nobody will ever willingly follow a pessimist.

Advice To CIOs

Iger says that patience is extremely important. Too often people set goals for themselves and for their departments that are just flat out unrealistic. When you don’t achieve these goals, that’s when people get impatient and start to make poor career decisions. Clearly that is a big mistake to be avoided.

How About Time Management

Iger’s day starts at 4:30am. He’s a habitual multitasker and so he uses this quiet time to surf the net, watch TV, and exercise. He says that the key to having a successful day is to make sure that you stay focused all day. Even realizing that, Iger admits that during the course of a long day, he too starts to unravel at times.

When he needs to unwind, Iger unplugs and spends time playing Scrabble - he’s got a love for word games.

Questions For You

Do you think that you have the patience that it would take to run a company as large as Walt Disney? What do you remember about your worst boss? How about your best boss? How do you start your day? Leave me a comment and let me know what you are thinking.


Coming Up Next Time…

Just what do CIOs spend their time doing? Many people think that a CIO’s time is spent pondering grand strategy decisions. However, the reality is that a great deal of a CIO’s time is spent worrying about internal controls – not terribly glamorous, but critical if a CIO wants to keep his/her job. Just what controls need to be worried about is the key to long term CIO success…

What CIOs Need To Know About Performance Management

Monday, April 13th, 2009
Companies Don't Need Business Intelligence Without Performance Management


Unless you’ve been asleep for the past couple of years, you’ve probably had a chance to read about the Business Intelligence (BI) fad that seems to have taken over the IT market.

The basic idea is pretty simple: use an application to crunch all of that complicated data that you’ve been gathering and present a simple dashboard to the CEO or whoever is making decisions. If the light on the dashboard is green, then the business is doing well. If it’s red, then he/she needs to make some changes. As with all such things in life, cool tools often turn out to have a downside.

It turns out that BI tools and the reports that they generate are IT centric. This means that the rest of the company agrees that they look cool, but they don’t find them as useful as we would like them to. It turns out that what they’d really like to have is performance management (PM) tools.

Performance management is defined by business needs and it provides the business’ decision makers with the data that they require in order to make the right moves in order to execute the business’ strategy.

PM shows up in a bunch of different places inside of the company. You’ll see it in the budgeting & financial processes (there it’s called “corporate” or “financial” PM). You can also find it on the operational side of the house. This is where BI is used to get more insights into supply chains, sales, customer service, etc.

I guess the easiest way to communicate the difference is to point out that BI is often about dashboards and scorecards. BI has been based on things that can be collected and measured. Where PM differs is that it’s based on where the company WANTS to go.

This means that PM tools have to be created by consolidating disparate data that is often stored in planning / budgeting spreadsheets. These planning activities and strategies then need to be transformed by both the business and IT into scorecards and key performance indicators (KPI).

The thing that sets PM apart from BI is that the information that IT collects to support a PM process is tied to a model or a framework for measuring performance. In finance, this model is the company’s budget. However, once you move outside of finance then IT and the business need to work together to create a budget that they can both live with.

Does your company currently use BI tools? Are they useful or are they just a set of pretty dashboards that sit around? Do you make use of performance management? Does your IT department work with the business to create performance management processes? Leave me a comment and let me know what you are thinking.

Getting & Keeping IT Top Management’s Attention

Wednesday, February 18th, 2009
Getting Senior Management To Stay Involved In A Project Can Be Hard To Do


In my humble opinion, one of the key contributors to why so many IT projects fail is simple neglect. I guess the best analogy is if you were starting to drive down a highway. When you started driving, you’d keep your hands on the steering wheel and make sure that the car was going in the correct direction and that it stayed on the road. However, if later on you took both of your hands off of the wheel, then the car would start to drift and would eventually plunge off of the road.

IT projects seem to follow this same path: when they are kicked off, everyone, including senior IT management, seems to have their hands on the steering wheel. However, as the days, weeks, and months go on it sure seems like nobody is holding on to the wheel any more and the project tends to start to drift. All too often, more people are then thrown at the project or, worse yet, the schedule is reduced which causes the project to speed up. This just makes the eventual crash all the more spectacular.

So none of this discussion is news to us IT folks – we’ve seen it over and over again. What we need to find is a way to stop this from happening. Jesper Simonsen is a European professor who has spent some time studying this problem. He’s come up with some suggestions as to how we can go about fixing it.

Simonsen believes that the key to getting senior IT management involved in a project is to use participatory design so that they feel that they have contributed to the solution. The specific technique that he believes can be used to make this happen is called “problem mapping”.

Too many IT staffers solve problems by sitting in their cubes and dreaming up new ways to deal with old problems. Participatory design requires IT staffers to deal with a problem directly. They share their views on the problem and then they offer their suggestions as to how IT can be used to solve the problem.

In order to engage senior IT management, they need to be involved in this development of an answer to why IT needs to be involved in solving the problem. This is where problem mapping comes in.

Problem mapping is designed to allow the argument regarding if and how IT should be used to solve a problem to be evaluated. It provides a means by which the argument can be visualized and helps in seeing the structure of the argument.

When you use problem mapping, you create a table that has four columns with the following headers:

  • Problem / Need
  • Causes
  • Consequences
  • Solutions

The real power of using a problem map is that it will force all involved to talk about what they see as being the real problem. The link between what they are proposing as a solution and the original problem is very clearly shown.

The key point to make here is that by making the whole problem solving process so visible, you will actively engage the top management in the process. They will be given an opportunity to sit back and challenge, make changes to, and review the solution that is being created before their very eyes.

Once you’ve achieved this level of participation at the start of a project, the senior IT management will remain involved during the entire project because they will better understand what is being done and they will feel as though they have contributed to the solution.

Do you have problems keeping your senior management involved in projects after they get started? What have you tried to improve their involvement? Was it successful? Leave me a comment and let me know what you are thinking.