CIO Symmetry

December 20, 2011  9:15 AM

Responsibilities of a CIO: Long on demands, short on time

Scot Petersen Scot Petersen Profile: Scot Petersen

You never know where you might gain more insight on the responsibilities of a CIO. Somewhere along the line, my job title and the websites I work on got mixed up, and as a result I often am confused with the CIO of TechTarget. This, of course, is not true.

This might sound like a step up in the world, or it could even be amusing, except for the fact that about half the external calls and emails I get address me as TechTarget’s CIO. Comparing solicitations from media relations staff with those I get from salespeople who think I’m the CIO reveals very different assumptions on the part of the senders. Media requests are generally friendly and respectful of my time. Sales pitches are aggressive and pushy — almost rude, in my opinion. The salesperson doesn’t ask if I have time available; he says something like, “I have to talk to you now, please respond.” It’s the email equivalent of those guys lining Las Vegas streets pushing flyers into your hands.

I told TechTarget’s real CIO that I feel sorry for him, and asked how he deals with it. He said he tries to screen out as much as possible; and when it comes to buying products, he decides when and where he will respond to something that he might need. Better yet, he or his staff will perform their own research and reach out to a vendor or solution provider themselves when it’s time.

This experience has given me better insight into the demands put on CIOs, which I think everyone takes for granted. Given everything being asked of CIOs, from being a technology tactician to being a strategic innovator, the most difficult piece has to be finding time to give adequate attention to everything. As a result, there doesn’t seem to be any time for career development or advancement.

Take some time to evaluate where you are in your career in 2012, and see what other kinds of opportunities await.

December 19, 2011  5:50 PM

Should you practice Facebook resistance?

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Whether you’re experiencing the end-of-year slowdown or a flurry of last-minute requests along with annual performance appraisals, December is always a little out of the ordinary. Here’s our weekly summary of the best and brightest links from the blogosphere, hoping to light up your winter solstice with news of Facebook resistance, a sign of economic growth and free airport Wi-Fi during the holiday travel season.

•  Is resistance futile? Not if you’re practicing Facebook resistance.

• Don’t you hate it when family asks you what you want for the gift-giving holiday of your choice? Here’s a quicky list of techno geek gift ideas to help you out. Who wouldn’t want a shower-proof notepad?!

• Going somewhere for the holidays? VoIP vendor Skype will be offering free Skype Wi-Fi in 50 U.S. airports from Dec. 21 through Dec. 27.

• Good news for once: Credit availability will increase in 2012.

• Were you a calculus nerd in high school? 2012 is going to be your year, according to Derrick Harris.

• One of the secrets to success is seeking perfection, says the Chobani yogurt king, Hamdi Ulukaya.

• We’re all looking for ways to put our customers first without killing our budget in the process. Emily Heyward has three commonsense ways to put your customer first.

• A California judge may have just added to the growing Facebook resistance: The judge has ruled that Facebook’s method of advertising is in direct violation of a California commercial endorsement law.

December 16, 2011  4:57 AM

Can you trust your KPI scorecard?

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Mark Twain is attributed with the saying, “There are three kinds of lies: lies, damned lies and statistics.”

Any CIO faced with a meaningless key performance indicator (KPI) scorecard and performance dashboard knows that feeling about statistics: They can paint a rosy glow on your IT team’s performance, while anecdotal evidence tells a different story.

It’s a discussion that I had recently with our senior news writer, Linda Tucci, when it comes to outsourcing KPIs. My argument is that if you allow your consultants or your outsourcing team to designate the metrics and the KPI scorecard — essentially to grade themselves — the metrics themselves fall into question. In theory (and I know of at least one situation where this actually happened) they could lie outright about their own performance, especially if it’s tied to their own revenue stream.

The problem with metrics, KPIs, dashboards and every other self-performance measurement that we try to put into place is this: At best, you get exactly what you’re measuring; at worst, someone games the system but you take the numbers at face value.

A great example of a bad series of metrics comes from my tenure managing a newly outsourced help desk. One of the metrics was the number of completed issues (aka closed tickets). After three months, the contractor numbers were in the green, with greater than 99% of all tickets closed. The onshore help desk had never managed even to graze 97%, so senior leaders were ecstatic! Unfortunately, the user satisfaction scores were in the toilet. What the KPI dashboard wasn’t showing was that the number of user problem tickets had gone through the roof. Further root cause analysis revealed that when users called in, the agents closed tickets as soon as the call was completed, rather than keeping the ticket open to make sure that the actual problem was solved. When the user called back, they generated another ticket and another “solution” as soon as the agents got the user off the phone. Lather, rinse and repeat, with one user problem generating as many as 10 tickets in less than a week’s time.

It was our own fault. We weren’t measuring the actual solution and the users’ satisfaction. Aside from the obvious fact that a completed issue is a meaningless metric in the first place (all issues are not equal), the internal help desk staff members hadn’t needed an artificial construct to encourage them to satisfy the users — the members of the small, four-person team had known that if they didn’t solve the problem on the first pass, when the user called back, the help desk would pass the user through to the original agent. They worked with the product development team to deflect potential user problems proactively, and trained users as much as they helped them with problems. Why? Because we staffed four agents regardless of call volume — that bit of extra work made the agents’ lives easier in the long run. However, with the new outsourcing model, the contracted agents were staffed for call volume. Seemed like a good idea at the time, but why solve a problem if it means that your own hours are going to get cut next week?

We didn’t measure the user satisfaction KPI because it had been an invisible KPI all along. We changed the variables (the help desk agent structure) and were surprised when the same metrics no longer yielded similar results. Shame on us.

We are predicting (along with everyone else) that 2012 will be the Year of Big Data, but the devil is in the details. For some CIOs, the hardest thing they ever tackle will be their very own subset of “small” data on their very own KPI scorecard.  May it be more valuable than Twain’s bemoaned statistics.

December 13, 2011  3:33 PM

Cloud security planning should be part of strategy from beginning

Scot Petersen Scot Petersen Profile: Scot Petersen

What are you doing about cloud security planning? I say planning because, in a survey of attendees at the recent Making the Case for the Cloud virtual seminar, more than half of the IT professionals responding said they don’t have a cloud strategy in place — though 100% said they would within the next year.

The point is that a cloud security strategy should be part of a cloud plan from the beginning. How that plan gets formulated is up for grabs, however. Responding to an instant poll taken during one seminar session on cloud incident response, 45% said their cloud security plan consists of reliance on SAS 70 Type II audit reports; another 32% said they rely on service contracts and lawyers to sort out the details; and 23% answered that they “can’t get management on board” for any security plan.

That’s pretty shocking. Even overlooking the 23% who are throwing up their hands, the other two options are not much better, certainly not by themselves. The SAS 70 standard was not designed with cloud security in mind.

According to IT security consultant Kevin Beaver, the speaker in the incident response session, SAS 70 had its place but is being phased out. “But it’s not that simple,” he said. “The bottom line is, you have to dig in deep; you can’t just assume that if everything checks out in the SAS 70 Type II audit report, everything must be fine. Because that is not the case, based on what I am seeing in my security work.”

First steps for cloud security planning? Get a good lawyer, a good security consultant and your CEO, and put them in a room together. Order lunch. And get down to business.

December 8, 2011  7:17 PM

Good interview questions drive project management success

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

We all know that the secret to project management often can be boiled down to your team members. We’re currently in the process of collecting nominations for our IT Leadership Awards and often when I contact the nominated leaders to confirm their nomination information, they protest that they themselves were only leading a team. (I love those protestations, by the way, as it’s the sign of a great leader and it means that our IT Leadership Award nominations are spot on.)

Today, instrumental VP at Google Marissa Mayer is speaking at LeWeb in Paris. During the Q&A portion, she was asked what the secret is to be a great project manager. She thinks project management lives and dies through the interview with potential team members. Because Mayer’s candidates are already technically vetted before they ever get to the interview table, she is free to really get a feel for the potential team member through a series of surprising interview questions.

For instance, her favorite question is “What’s the coolest thing you’ve seen in the last six months?” Their answer will reveal what kinds of things they are exposed to and how those exposures influence them. Mayer also asks “What do you own that you love?” which is designed to reveal what the candidate is emotional about and helps Mayer grok how well the person will be able to emotionally connect to the products that they are designing and the Google customer experience.

That’s some pretty psychologically brilliant questioning. One could make some fairly sound judgments about a candidate who answered “my new iPhone 4S with the Siri personal assistant” versus “the Christmas ornament that my great grandmother left me in her will.” Which of those things is the right answer, according to Mayer? I suspect it might be the latter.

By the way, we’re still accepting nominations for the IT Leadership Awards. And no, we won’t think you’re being narcissistic if you nominate yourself. You can’t get ahead in the IT industry without celebrating your own successes, and this is a perfect time to do just that.

The comments invite you to share the coolest thing you’ve seen in the last six months. Who knows, it just might get you an interview with Google’s Marissa Mayer!

December 6, 2011  9:31 AM

Cloud computing services adoption could be the answer for security

Scot Petersen Scot Petersen Profile: Scot Petersen

About a year ago I moderated a panel on cloud computing services adoption in health care. A quick poll of the audience indicated that security was the No. 1 reason why their organizations were not using the cloud or were taking their own sweet time in figuring it out.

The panel of technology vendors tried to assuage fears that security issues could hinder cloud opportunities. One panelist compared the situation to online banking: What once was unheard of is commonplace now.

Still, adoption has been slow — and not coincidentally, because health care is an industry where data privacy has to be part of the fiber of its being. And if the state of security in health care is any indication, the industry has more pressing problems than deciding whether it should go cloud.

That could be the problem, however. Despite the myths about the cloud, maybe it’s where some companies can find more security than they are currently able to enforce themselves. For more information on strategies for making cloud the next step in your enterprise and security strategies, check in on the cloud security virtual seminar Wednesday, Dec. 7.

December 5, 2011  7:41 PM

Can you use the Kindle Fire for business?

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Each week, we mine the Web for the jewels of knowledge that appeal to CIOs. This week, we’re looking at the trend of using the Kindle Fire in business, what compels women to quit their IT teams and the expanding reach of the website.

 We’re still not entirely on board with the iPhone 4S voice-controlled assistant Siri; apparently Siri has a problem understanding the Indian accent.

 The half-life of a tech worker is about 15 years, according to Matt Heusser. We’re feeling old right now, how about you?

 Get ready for some BIG big data. The White House is open sourcing its website and taking it global.

 With the holiday tech season in full swing, this year’s big mover and shaker is’s Kindle Fire tablet. The company plans to ship almost 4 million Kindle Fire units in Q4 2011. But can you use it for business?

 Tired of all of those blog posts about how to keep women in information technology? Here’s how to get those women to quit so you don’t have to worry about it anymore.

 You might want to watch your credit card statements over the next few weeks. The hacker group Anonymous is pulling a Robin Hood: It’s attacking the finance industry by removing funds from credit card accounts and donating the stolen money to charities around the globe. (If you see something odd, notify your financial institution for reimbursement.)

 Where do you fall in the argument about using the iPad 2 versus the Kindle Fire for business?

December 2, 2011  3:58 PM

Are you at risk? Huge Java vulnerability now weaponized and exploited

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

It’s every CIO’s worst nightmare — that panicked call when you least expect it, delivering the worst possible news: “The firewall has been breached.” We know that you do everything possible to avoid that gut-dropping moment, so we’re letting you know that today might be the best day possible to force your users to do a Java software update. It seems that Oracle Corp. detected a major Java vulnerability a few months ago and fixed it. But now the folks who live to create chaos and disorder have picked up on the weakness too. According to the National Vulnerability Database (NVD):

“Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.”

 How bad is this? The NVD has scored it 10 out of 10. This isn’t Jabba the Hutt bad or even Darth Vader bad — it’s The Emperor of all Java Vulnerability bad.

 Java is historically a bit of a screen door for corporations in the first place. It doesn’t use the same engine for updating as Windows or Adobe Flash do, and the Java software update tends to get overlooked by IT. Considering that it’s a huge, overreaching software that affects users of Windows, Linux and Mac OS X, it’s the perfect opportunity for malicious programmers to exploit and “weaponize.” Even if you deployed a Java software update in mid-October, you might still be at risk — JRE 7 and 6 Update 27 and earlier are still at risk, according to security expert Brian Krebs.

Krebs managed to sneak into one of the exclusive hacker cybercrime communities and obtained a hacker video demonstrating how the hackers can exploit the Java vulnerability. It’s worth checking out, if only to see exactly how the criminals can easily take control of your users’ machines.

And of course, it would be worth the time to take a peek at your Java software update and make sure that your users aren’t going to accidentally stumble on an infected page or ad while using Mozilla Firefox or Internet Explorer — especially if they are still using Windows XP. There’s no time like the present.

November 30, 2011  3:20 PM

First, ‘bring your own device’; now, a zero email policy

Scot Petersen Scot Petersen Profile: Scot Petersen

The wave of optimism that began with advancements in smartphones and tablets that could enable a new generation of bring-your-own-device employees has been taking some strange zigzags of late.

 The first “zig” is that a major health care provider is taking steps to restrict workers’ Internet access as a result of an out-of-control malware problem.

 The latest “zag” comes from Thierry Breton, CEO at Atos, a French IT services firm. He wants to institute a zero-email policy within the next two years.

 This could be a shock to old-school users, who still live and breathe in their email application eight hours a day. But it could be a boon to up-and-coming Millennial-generation workers, who spend most of their time on devices communicating through social networks.

 In my case, I’m playing in both the old and new schools. I take notes on my iPad, then email them to myself for future reference. That might go against the common sense of Nicolas Moinet, information and communication professor at Poitiers University in France: “We have now reached crazy situations where employees go to a meeting, continue to send emails and then ask colleagues present to send them an email to know what was said during that meeting.”

 There’s a level of the absurd in this, but banning email? Like cutting off employees to the Internet, this latest attempt to get control of things will end up causing more problems. I like the out-of-the-box thinking espoused by Breton, but we need to rein in some workable solutions.

November 28, 2011  7:04 PM

Social media networking tips for finding new CIO positions

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

There’s nothing like the first day back after a major national holiday to make you feel like you’re drowning in task items. Cheer up, we’ve got your back. We’ve combed the Web and picked only the best and most interesting selections, ensuring that you’re up-to-date on last week’s high points. We’ve got social media networking tips, an automated elevator-pitch helper and help for resuscitating languishing CIO positions.

If you’re not sullied by Dropbox’s bad reputation for security breaches, John Jantsch gives you five ways to make Dropbox more useful.

One of the biggest social media networking tips is to protect yourself: Don’t let oversharing give crooks an upper hand.

Everyone needs a solid elevator pitch, whether it’s for a project you’re excited about or for yourself as you look at new CIO positions. Harvard Business School’s Elevator Pitch Builder offers helpful word suggestions while you craft your pitch.

Do you ever feel like everyone in your company hates the IT department? You’re right, they do.

Poor AT&T. Not only does Lance Ulanoff think the AT&T-T-Mobile merger is DOA, but the recent business customer phone-hacking was tied to terrorist funding.

File this under “You get what you pay for”: India is losing a huge chunk of its outsourcing business to offshore Filipino call centers, even though the workers in the Philippines are paid slightly better than their Indian counterparts, driving the overall cost of outsourcing up a smidge.

While the content of CIO positions doesn’t change, the context is a struggle, says John D. Halamka.

Using social media as a networking tool takes some finessing. It’s not as simple as setting up a profile and letting the job offers come to you. Here are some social media networking tips for using LinkedIn to find a better job.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: