People often ask us how to become a CIO. Happily, our expert Scott Lowe has offered to detail exactly the path he took — and the many steps required — to become a CIO:
This month’s topic here at SearchCIO-Midmarket.com is career management. It happens to overlap with what has become a period of significant change in my own career path. Recently, I left my CIO role and this week, I shared with you the lessons I learned along the way. Here’s my story of the steps I took to become a CIO and the experiences that supported my CIO career.
In 1994, I had just completed two years at a community college as a computer science major and had planned to transfer to a four-year institution to complete a Bachelor of Science degree. However, at the urging of my father, I applied for a job with a title of telecommunications technician for a New York state agency charged with supporting the efforts of K-12 school districts. I quickly grew to love what I was doing and made the decision to forgo — for a time — that computer science degree. I discovered that the job title was a bit misleading, as I was responsible for designing both voice and data networks, managing servers, developing and maintaining complex databases and directly supporting users. It was certainly a “jack of all trades” kind of job. I learned that I liked being a generalist.
During this period of time, I set a personal goal to become an IT director by the age of 35. It was sort of an arbitrary deadline but seemed reasonable. Four years later, I moved to my next job, where I managed the systems and network and services department for a college. Here, I got my first real taste of management and worked for someone that was willing to help me develop in this space.
Bear in mind that I was 24 years old; now, at the ripe “old” age of 38, I can say that I was a kid and I did what many kids of the male variety do … I followed a girl. I moved to the Washington, D.C., area. The girl is now history, but what I gained in that transition has been incredible. This was during the dot-com days, so moving around was more accepted. My first job in D.C. was not a good fit; I was bored, and it showed. After less than a year, I moved to a financial services firm on a contract basis, where I learned the ins and outs of working in a large-scale hosted environment. Although I’ve worked primarily in small settings, this “big shop” mentality really helped me build robust environments later.
By the time the contract was over, I had secured my first senior IT management position for a nonprofit association. I managed a team of two. We spent the next two-and-a-half years building custom content management systems for state agencies and creating communication solutions for the association membership.
My goal was to become an IT director at 35, but sheer luck helped me make it happen seven years sooner.
I also got married. My wife and I had our son in December of 2003. Although I’d been through a number of job changes and had moved a lot, having a child was, by far, the most impactful event of my life. We did it again in February of 2005, when our daughter was born. Why do I include these events? Because these life events have had more of an impact on my career than all of the planning in the world ever could! I mean that in the most positive way possible; my wife and kids are the most important things in my life.
My wife made the decision that she wanted to stay home with our children. Living in the D.C. area on one salary was simply not an option. Since I loved working in higher education, I chose an IT director position at a small private college in upstate New York, just 30 miles from my hometown. I learned how to manage a larger team of 15, to delegate better, undertake larger projects and work across a larger organization. I made another move to a CIO position for a small, private college in Missouri in 2006. Although a small organization, the work was more complex and I engaged with the organization in a much deeper way, managing technology and undertaking and leading major, non-IT focused organization-wide projects.
Unfortunately, as is often the case, financial challenges and crises in leadership reared their heads in the organization. For the first time in my career, I felt “burned out.”
My stress level was off the charts. I realized that, with that state of mind, I was about to become a CIO who wasn’t helpful to the organization or to my team. I saw no light at the end of the tunnel and felt that it was no longer possible to achieve my goals at work. The organization needed someone that could better meld with the emerging culture, and that wasn’t me. It was time to go. Luckily, I’ve built a solid history as a consultant, trainer and writer, which can sustain my family while I decide on my next CIO role. — Scott Lowe
You never know where you might gain more insight on the responsibilities of a CIO. Somewhere along the line, my job title and the websites I work on got mixed up, and as a result I often am confused with the CIO of TechTarget. This, of course, is not true.
This might sound like a step up in the world, or it could even be amusing, except for the fact that about half the external calls and emails I get address me as TechTarget’s CIO. Comparing solicitations from media relations staff with those I get from salespeople who think I’m the CIO reveals very different assumptions on the part of the senders. Media requests are generally friendly and respectful of my time. Sales pitches are aggressive and pushy — almost rude, in my opinion. The salesperson doesn’t ask if I have time available; he says something like, “I have to talk to you now, please respond.” It’s the email equivalent of those guys lining Las Vegas streets pushing flyers into your hands.
I told TechTarget’s real CIO that I feel sorry for him, and asked how he deals with it. He said he tries to screen out as much as possible; and when it comes to buying products, he decides when and where he will respond to something that he might need. Better yet, he or his staff will perform their own research and reach out to a vendor or solution provider themselves when it’s time.
This experience has given me better insight into the demands put on CIOs, which I think everyone takes for granted. Given everything being asked of CIOs, from being a technology tactician to being a strategic innovator, the most difficult piece has to be finding time to give adequate attention to everything. As a result, there doesn’t seem to be any time for career development or advancement.
Take some time to evaluate where you are in your career in 2012, and see what other kinds of opportunities await.
Whether you’re experiencing the end-of-year slowdown or a flurry of last-minute requests along with annual performance appraisals, December is always a little out of the ordinary. Here’s our weekly summary of the best and brightest links from the blogosphere, hoping to light up your winter solstice with news of Facebook resistance, a sign of economic growth and free airport Wi-Fi during the holiday travel season.
• Is resistance futile? Not if you’re practicing Facebook resistance.
• Don’t you hate it when family asks you what you want for the gift-giving holiday of your choice? Here’s a quicky list of techno geek gift ideas to help you out. Who wouldn’t want a shower-proof notepad?!
• Going somewhere for the holidays? VoIP vendor Skype will be offering free Skype Wi-Fi in 50 U.S. airports from Dec. 21 through Dec. 27.
• Good news for once: Credit availability will increase in 2012.
• Were you a calculus nerd in high school? 2012 is going to be your year, according to Derrick Harris.
• One of the secrets to success is seeking perfection, says the Chobani yogurt king, Hamdi Ulukaya.
• We’re all looking for ways to put our customers first without killing our budget in the process. Emily Heyward has three commonsense ways to put your customer first.
• A California judge may have just added to the growing Facebook resistance: The judge has ruled that Facebook’s method of advertising is in direct violation of a California commercial endorsement law.
Mark Twain is attributed with the saying, “There are three kinds of lies: lies, damned lies and statistics.”
Any CIO faced with a meaningless key performance indicator (KPI) scorecard and performance dashboard knows that feeling about statistics: They can paint a rosy glow on your IT team’s performance, while anecdotal evidence tells a different story.
It’s a discussion that I had recently with our senior news writer, Linda Tucci, when it comes to outsourcing KPIs. My argument is that if you allow your consultants or your outsourcing team to designate the metrics and the KPI scorecard — essentially to grade themselves — the metrics themselves fall into question. In theory (and I know of at least one situation where this actually happened) they could lie outright about their own performance, especially if it’s tied to their own revenue stream.
The problem with metrics, KPIs, dashboards and every other self-performance measurement that we try to put into place is this: At best, you get exactly what you’re measuring; at worst, someone games the system but you take the numbers at face value.
A great example of a bad series of metrics comes from my tenure managing a newly outsourced help desk. One of the metrics was the number of completed issues (aka closed tickets). After three months, the contractor numbers were in the green, with greater than 99% of all tickets closed. The onshore help desk had never managed even to graze 97%, so senior leaders were ecstatic! Unfortunately, the user satisfaction scores were in the toilet. What the KPI dashboard wasn’t showing was that the number of user problem tickets had gone through the roof. Further root cause analysis revealed that when users called in, the agents closed tickets as soon as the call was completed, rather than keeping the ticket open to make sure that the actual problem was solved. When the user called back, they generated another ticket and another “solution” as soon as the agents got the user off the phone. Lather, rinse and repeat, with one user problem generating as many as 10 tickets in less than a week’s time.
It was our own fault. We weren’t measuring the actual solution and the users’ satisfaction. Aside from the obvious fact that a completed issue is a meaningless metric in the first place (all issues are not equal), the internal help desk staff members hadn’t needed an artificial construct to encourage them to satisfy the users — the members of the small, four-person team had known that if they didn’t solve the problem on the first pass, when the user called back, the help desk would pass the user through to the original agent. They worked with the product development team to deflect potential user problems proactively, and trained users as much as they helped them with problems. Why? Because we staffed four agents regardless of call volume — that bit of extra work made the agents’ lives easier in the long run. However, with the new outsourcing model, the contracted agents were staffed for call volume. Seemed like a good idea at the time, but why solve a problem if it means that your own hours are going to get cut next week?
We didn’t measure the user satisfaction KPI because it had been an invisible KPI all along. We changed the variables (the help desk agent structure) and were surprised when the same metrics no longer yielded similar results. Shame on us.
We are predicting (along with everyone else) that 2012 will be the Year of Big Data, but the devil is in the details. For some CIOs, the hardest thing they ever tackle will be their very own subset of “small” data on their very own KPI scorecard. May it be more valuable than Twain’s bemoaned statistics.
What are you doing about cloud security planning? I say planning because, in a survey of attendees at the recent SearchCompliance.com Making the Case for the Cloud virtual seminar, more than half of the IT professionals responding said they don’t have a cloud strategy in place — though 100% said they would within the next year.
The point is that a cloud security strategy should be part of a cloud plan from the beginning. How that plan gets formulated is up for grabs, however. Responding to an instant poll taken during one seminar session on cloud incident response, 45% said their cloud security plan consists of reliance on SAS 70 Type II audit reports; another 32% said they rely on service contracts and lawyers to sort out the details; and 23% answered that they “can’t get management on board” for any security plan.
That’s pretty shocking. Even overlooking the 23% who are throwing up their hands, the other two options are not much better, certainly not by themselves. The SAS 70 standard was not designed with cloud security in mind.
According to IT security consultant Kevin Beaver, the speaker in the incident response session, SAS 70 had its place but is being phased out. “But it’s not that simple,” he said. “The bottom line is, you have to dig in deep; you can’t just assume that if everything checks out in the SAS 70 Type II audit report, everything must be fine. Because that is not the case, based on what I am seeing in my security work.”
First steps for cloud security planning? Get a good lawyer, a good security consultant and your CEO, and put them in a room together. Order lunch. And get down to business.
We all know that the secret to project management often can be boiled down to your team members. We’re currently in the process of collecting nominations for our SearchCIO-Midmarket.com IT Leadership Awards and often when I contact the nominated leaders to confirm their nomination information, they protest that they themselves were only leading a team. (I love those protestations, by the way, as it’s the sign of a great leader and it means that our IT Leadership Award nominations are spot on.)
Today, instrumental VP at Google Marissa Mayer is speaking at LeWeb in Paris. During the Q&A portion, she was asked what the secret is to be a great project manager. She thinks project management lives and dies through the interview with potential team members. Because Mayer’s candidates are already technically vetted before they ever get to the interview table, she is free to really get a feel for the potential team member through a series of surprising interview questions.
For instance, her favorite question is “What’s the coolest thing you’ve seen in the last six months?” Their answer will reveal what kinds of things they are exposed to and how those exposures influence them. Mayer also asks “What do you own that you love?” which is designed to reveal what the candidate is emotional about and helps Mayer grok how well the person will be able to emotionally connect to the products that they are designing and the Google customer experience.
That’s some pretty psychologically brilliant questioning. One could make some fairly sound judgments about a candidate who answered “my new iPhone 4S with the Siri personal assistant” versus “the Christmas ornament that my great grandmother left me in her will.” Which of those things is the right answer, according to Mayer? I suspect it might be the latter.
By the way, we’re still accepting nominations for the SearchCIO-Midmarket.com IT Leadership Awards. And no, we won’t think you’re being narcissistic if you nominate yourself. You can’t get ahead in the IT industry without celebrating your own successes, and this is a perfect time to do just that.
The comments invite you to share the coolest thing you’ve seen in the last six months. Who knows, it just might get you an interview with Google’s Marissa Mayer!
About a year ago I moderated a panel on cloud computing services adoption in health care. A quick poll of the audience indicated that security was the No. 1 reason why their organizations were not using the cloud or were taking their own sweet time in figuring it out.
The panel of technology vendors tried to assuage fears that security issues could hinder cloud opportunities. One panelist compared the situation to online banking: What once was unheard of is commonplace now.
Still, adoption has been slow — and not coincidentally, because health care is an industry where data privacy has to be part of the fiber of its being. And if the state of security in health care is any indication, the industry has more pressing problems than deciding whether it should go cloud.
That could be the problem, however. Despite the myths about the cloud, maybe it’s where some companies can find more security than they are currently able to enforce themselves. For more information on strategies for making cloud the next step in your enterprise and security strategies, check in on the SearchCompliance.com cloud security virtual seminar Wednesday, Dec. 7.
Each week, we mine the Web for the jewels of knowledge that appeal to CIOs. This week, we’re looking at the trend of using the Kindle Fire in business, what compels women to quit their IT teams and the expanding reach of the Data.gov website.
We’re still not entirely on board with the iPhone 4S voice-controlled assistant Siri; apparently Siri has a problem understanding the Indian accent.
The half-life of a tech worker is about 15 years, according to Matt Heusser. We’re feeling old right now, how about you?
Get ready for some BIG big data. The White House is open sourcing its Data.gov website and taking it global.
With the holiday tech season in full swing, this year’s big mover and shaker is Amazon.com’s Kindle Fire tablet. The company plans to ship almost 4 million Kindle Fire units in Q4 2011. But can you use it for business?
Tired of all of those blog posts about how to keep women in information technology? Here’s how to get those women to quit so you don’t have to worry about it anymore.
You might want to watch your credit card statements over the next few weeks. The hacker group Anonymous is pulling a Robin Hood: It’s attacking the finance industry by removing funds from credit card accounts and donating the stolen money to charities around the globe. (If you see something odd, notify your financial institution for reimbursement.)
Where do you fall in the argument about using the iPad 2 versus the Kindle Fire for business?
It’s every CIO’s worst nightmare — that panicked call when you least expect it, delivering the worst possible news: “The firewall has been breached.” We know that you do everything possible to avoid that gut-dropping moment, so we’re letting you know that today might be the best day possible to force your users to do a Java software update. It seems that Oracle Corp. detected a major Java vulnerability a few months ago and fixed it. But now the folks who live to create chaos and disorder have picked up on the weakness too. According to the National Vulnerability Database (NVD):
“Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.”
How bad is this? The NVD has scored it 10 out of 10. This isn’t Jabba the Hutt bad or even Darth Vader bad — it’s The Emperor of all Java Vulnerability bad.
Java is historically a bit of a screen door for corporations in the first place. It doesn’t use the same engine for updating as Windows or Adobe Flash do, and the Java software update tends to get overlooked by IT. Considering that it’s a huge, overreaching software that affects users of Windows, Linux and Mac OS X, it’s the perfect opportunity for malicious programmers to exploit and “weaponize.” Even if you deployed a Java software update in mid-October, you might still be at risk — JRE 7 and 6 Update 27 and earlier are still at risk, according to security expert Brian Krebs.
Krebs managed to sneak into one of the exclusive hacker cybercrime communities and obtained a hacker video demonstrating how the hackers can exploit the Java vulnerability. It’s worth checking out, if only to see exactly how the criminals can easily take control of your users’ machines.
And of course, it would be worth the time to take a peek at your Java software update and make sure that your users aren’t going to accidentally stumble on an infected page or ad while using Mozilla Firefox or Internet Explorer — especially if they are still using Windows XP. There’s no time like the present.
The wave of optimism that began with advancements in smartphones and tablets that could enable a new generation of bring-your-own-device employees has been taking some strange zigzags of late.
The first “zig” is that a major health care provider is taking steps to restrict workers’ Internet access as a result of an out-of-control malware problem.
The latest “zag” comes from Thierry Breton, CEO at Atos, a French IT services firm. He wants to institute a zero-email policy within the next two years.
This could be a shock to old-school users, who still live and breathe in their email application eight hours a day. But it could be a boon to up-and-coming Millennial-generation workers, who spend most of their time on devices communicating through social networks.
In my case, I’m playing in both the old and new schools. I take notes on my iPad, then email them to myself for future reference. That might go against the common sense of Nicolas Moinet, information and communication professor at Poitiers University in France: “We have now reached crazy situations where employees go to a meeting, continue to send emails and then ask colleagues present to send them an email to know what was said during that meeting.”
There’s a level of the absurd in this, but banning email? Like cutting off employees to the Internet, this latest attempt to get control of things will end up causing more problems. I like the out-of-the-box thinking espoused by Breton, but we need to rein in some workable solutions.