Tag Archives: ITIL

What does it take to make it to CIO?

IT – A profession? 

Unlike established disciplines such as Accountancy and Engineering, IT has only recently started seeing itself as a profession. Therefore, it is lagging behind other professions in terms of training and career development. Whilst great strides have been made by such bodies as the British Computer Society and its SFIA (Skills Framework for the Information Age), there still appears to be a disconnect in convincing organisations to adopt such schemes.

What skills and attributes do IT professionals value? 

A significant proportion of IT professionals have come up through the “ranks” and have quite often progressed in organisations because of their technical skills. They will often have “management” thrust upon them and have to adapt quickly, often without the comfort of a mentor or corporate development scheme. That said, the increasing importance of IT Service Management (ITIL) has helped IT organisations align more closely with wider business needs and processes.

What are the challenges for IT professionals in terms of career progression? 

Notwithstanding the contribution of ITIL, many businesses still see IT as an expensive overhead which harbors unfriendly pointy heads.  Often, IT is not seen as an important business driver (unless it fails) and the advance of consumer computing has created a perception by the business that “IT is easy.”

What skills and attributes do the business value? 

Businesses value those who know and understand the business whilst making a direct contribution to the bottom line. They expect leaders to be strong focused individuals who can communicate, influence and motivate staff and peers alike.  One important word here is influence. Quite often, those who climb the corporate ladder are those who can influence, usually through charisma, strong communication or sycophancy. The latter leads to the concept of seeking patronage which has been around since the days of Pharaoh’s court. A powerful patron will help his “student” create a strong personal brand and perception.

The previous paragraph probably makes uncomfortable reading for many IT guys because they probably believe that strong technical leadership in a meritorious environment will guarantee a passport to the top, i.e. becoming a CIO.

What can the poor nerds do? 

Well, if you could write an app or software programme then it might look something like this:

10 SET CIO = DREAMS
20 SET POTENTIAL = (20 * PERSONAL_BRAND) + (10 * BUSINESS_KNOWLEDGE) + (2 * LEADERSHIP) + (0.0005 * TECHNICAL_COMPETENCE)
30 IF POTENTIAL > CIO THEN GOTO 100
40 PERSONAL_BRAND = PERSONAL_BRAND + SYCOPHANCY + POLITICS + UNDERMINING
50 GOTO 20
100 PRINT "WELL DONE"

So who hired the hacker?

Picture what would happen if you discovered that you had hired a suspected hacker in your IT department. Here are just a few thoughts to consider:

What can you do?

You might ask yourself a question – Is he a white or black hat? The former is an ethical hacker whilst the latter is non-ethical. What’s the difference?

As per the Wikipedia definition, an ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the victim system(s) or network(s) is not.

A hacker is someone who seeks and exploits weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment.

So what can you do to determine if the employee is exhibiting hacker behaviours?

1) Check that your security controls are working effectively – You might look at your firewall port profile, recent IDS, FIM, log analysis reports, etc. You could go as far as undertaking a vulnerability scan of your internal network or external perimeter. The problem with vulnerability scanning is that it often leads to false positives, and more effort goes into sorting these out than addressing the other vulnerabilities. It usually requires a highly competent individual to undertake this. You might also want to check the employee’s authority levels.

2)  Is the Employee adhering to corporate standards?

Has he or she done something different which they claim is required to undertake security testing etc? Such things include:

– Setting up a “back door” WAN circuit which by-passes corporate perimeter security controls.

– Provision of anonymous access tools to the web and intranets etc – e.g. Tor Browser

– Weakening of security controls – e.g. replacing IMAP with POP3 on smart phones or moving from WPA2 to WEP on corporate wi-fi networks.

– Setting up new domains or networks.
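One way to run the "adhering to corporate standards" check above is to compare a snapshot of the current configuration with an approved baseline. This is an added example, not part of the original post; the baseline values, circuit names, domains and the `audit` function are all constructed assumptions.

```python
# Added example: compare an observed configuration snapshot with the approved
# corporate baseline. Every name and value here is constructed for illustration.

# Wi-Fi protection modes ranked from weakest to strongest.
WIFI_STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

BASELINE = {
    "wifi_security": "WPA2",                      # minimum approved Wi-Fi protection
    "mail_protocol": "IMAP",                      # approved smartphone mail protocol
    "wan_circuits": {"MPLS-HQ", "INET-PRIMARY"},  # circuits behind the perimeter controls
    "domains": {"corp.example"},                  # registered corporate domains
    "banned_software": {"tor browser"},           # anonymous access tools
}

def audit(snapshot, baseline=BASELINE):
    """Return a sorted list of (check, detail) findings for one snapshot."""
    findings = []
    seen = snapshot.get("wifi_security", "OPEN").upper()
    wanted = baseline["wifi_security"]
    # Unknown Wi-Fi modes rank below everything, so they are always reported.
    if WIFI_STRENGTH.get(seen, -1) < WIFI_STRENGTH[wanted]:
        findings.append(("weakened_wifi", f"{seen} is weaker than {wanted}"))
    mail = snapshot.get("mail_protocol", "").upper()
    if mail != baseline["mail_protocol"]:
        findings.append(("mail_protocol_changed",
                         f"{mail or 'unset'} instead of {baseline['mail_protocol']}"))
    # Anything not in the approved inventory is a deviation worth explaining.
    for circuit in sorted(set(snapshot.get("wan_circuits", [])) - baseline["wan_circuits"]):
        findings.append(("unapproved_wan_circuit", circuit))
    for domain in sorted(set(snapshot.get("domains", [])) - baseline["domains"]):
        findings.append(("unregistered_domain", domain))
    for name in snapshot.get("installed_software", []):
        if name.lower() in baseline["banned_software"]:
            findings.append(("anonymous_access_tool", name))
    return sorted(findings)

# Constructed snapshot showing each deviation listed in the post.
SAMPLE_SNAPSHOT = {
    "wifi_security": "wep",
    "mail_protocol": "POP3",
    "wan_circuits": ["MPLS-HQ", "DSL-LAB-7"],
    "domains": ["corp.example", "test-lab.example"],
    "installed_software": ["LibreOffice", "Tor Browser"],
}

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_SNAPSHOT):
        print(f"{check}: {detail}")
```

A finding is a prompt to ask who changed the setting and why, not proof of intent.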

I hope this has been useful.

Are technical strategies a thing of the past?

Let’s start with one definition of a strategy: a plan of action designed to achieve a long-term or overall aim.

Most large organisations, and indeed governments, develop and implement strategies in order to deliver objectives – think of health care, roads and public transport and, most importantly, the economy. Once you come to technology, people often want to show they have a ‘CAN DO’ attitude, particularly if tactically minded managers are in charge. Another challenge to the strategists is that technology moves on so quickly that it does not make good business sense to get stuck in a long-term quagmire. They probably know that “CAN DO” from amateurs often becomes “CANNED, WHO?”

So think of a scenario in ACNE Food company – The strategic manager, Mister Good, approaches the HR director, Mister Evil, who is heading up the IT and Technology function.

Mister Good : “I recommend developing a technical strategy based on what the business need for the next five years. That way, we’ll ensure that we can offer an agreed and fit for purpose SLA by having a fully resourced and funded ICT service offering.”

Mister Evil : “I know what the business want. They need the latest I-pads so they can read minutes of meetings when they are on the train.”

Mister Good : “What about aligning technology to support the new commercial and sales strategy we heard about last week.”

Mister Evil : “I don’t want you navel gazing into the future. Just get your guys warmed up to get those I-pads with a few apps on them to see what the Press is saying about us.”

==========================================================================================

One year later, the ACNE Food company Board are very proficient in using I-pads despite one of them losing some personal data from accessing a rather dodgy site. In the meantime, the company’s finance and logistics systems are now becoming obsolescent and struggling to meet the increasing commercial demands of the company. It’s not all bad news though. The Marketing department have developed a number of apps and have received a marketing industry award for them. However, the ICT budget has been blown trying to prop up the antiquated corporate systems.

===========================================================================================

The question I would like readers to answer is: was the HR Director correct in pursuing his short-term objectives? After all, his Board colleagues saw him as someone who is proactive and technically savvy. Conversely, they saw the Strategy Manager as a superfluous whining overhead.

Please let me have your comments.