For years we have talked about the requirement to make the top security and risk (S&R) role increasingly business-facing, and this is now turning into a reality. Surprisingly, however, we see an increasing number of non-IT security folk stepping up to take the CISO role, often ahead of experienced IT professionals.
These "next-gen" CISOs are commonly savvy business professionals, experienced at implementing change and evolving processes, and adept at dealing with strategies, resource plans and board-level discussions. Their placement into these S&R roles often comes as an unwelcome surprise to those that have been working within the IT security teams; however, we have to recognise that this new breed are simply filling a gap. Unfortunately, although we have talked about the professionalization of the role and the need for greater business engagement, many S&R professionals are still not ready for the leap, and this opens up an opportunity for others to steal their way in.
Make no mistake; this is a significant change in the traditional S&R professional career path.
The word 'transformation' is probably one of the most overused words in business and IT. I put my hands up and confess that in the past, as an enterprise management consultant, I have tagged IT management solution projects as 'transformations' as it just sounds so much sexier than the word 'change' or 'implementation'. Come on, you have to agree it does, doesn't it? But my call to you today is to help Forrester to eradicate the abuse of this word during 2013.
How can I help? We are currently working on The I&O Practice Playbook at Forrester which looks to address the I&O organisation of the future in terms of its people, process, technology and culture. Before I go on any further, I am going to say that in order to get to this 'future', I&O organisations really do need to go through true 'transformation' which can be defined as:
A major shift in people, processes, technology and culture. An example is an IT organization which wants to transform to be more customer-centric. The vision to be customer-centric will potentially require a change to people (skills, recruitment etc), process (structure, activities, measurement etc) technology (end-user, infrastructure etc) and culture (fostering customer-centricity).
Is there a fundamental problem in today’s IT? I believe there is, and it’s this: IT decision-makers are too often focused on the wrong things.
In a recent study, Forrester examined the top priorities, topics, and terms from a variety of data sources for both business decision-makers and technology decision-makers. What we found was a very clear — and to my mind, troubling — distinction between these two groups.
Business decision-makers focus on topics like growing revenue, improving customer satisfaction, and hiring, developing, and retaining the best talent. By contrast, IT decision-makers focus on topics like improving project delivery performance, improving budget performance, and cutting IT costs.
The fact that IT decision-makers have so little focus on business outcomes is one of the main reasons IT is seen as disconnected from the rest of the business.
The only way for CEOs and CIOs to fix this is to begin to measure IT professionals more in terms of business-outcomes and less on project delivery and system uptime. In other words, we need to measure IT professionals using the same KPIs we use to measure leaders across the rest of the business. This means we must begin measuring IT’s impact on things like the change in customer satisfaction (that’s the company’s customer satisfaction and not IT’s internal “customers” as some groups like to refer to other employees in the company), or the increase in sales, or the ability to attract and retain top talent.
I was talking with a client the other day about the reporting structure of her applications organization. The group had a single leader, but underneath, it was subdivided into groups that were a combination of technology (website, data analytics, intranet), business unit (four major ones), and IT processes (QA). The leader of this group knew that every organization is different based on the culture, size, maturity of managers and a dozen other factors. However, she was seeing a lot of friction between groups and wanted to know what structural changes other organizations had made and what the tradeoffs were.
We started by talking about the direction of the organization. In particular, she needed to determine if the business units were moving to greater integration of their data and processes or whether the business silos formed were just fine. Though most organizations are moving to greater integration, this is not an obvious answer, as some companies have run-off business areas that are in maintenance mode and may be kept separate. For this call, she asked that we assume the company needed greater integration. There were other drivers around growth and cost containment that we discussed as well.
I bet you are thinking, “Oh no, this looks like a typical Friday IT blog post” and it has all the key ingredients – It’s Friday-tick-has science fiction references-tick-has a weird title-tick – but please go with the flow with this one.
I realize I'm posting two rants in a row here (my last one was on marketing being a dirty word), but this is important! I just read in the WSJ that it's time more CIOs report to the top... my initial reaction was "oh come on, really, are we still on with this old chestnut?" -- the thing is, I couldn't agree more. But here's what gets me -- we were saying this in the '80s. The hope back then was that, as more CEOs stepped up who had grown up with technology, things would change and more CIOs would report into the CEO. Clearly this was pie-in-the-sky optimism ... so what went wrong?
Traditional wisdom (aka analysts) suggests that it's up to the CIO to "earn" a seat at the table by demonstrating leadership, delivering business value from IT, and lots of other hoops to jump through. While my colleagues and I work diligently on research to help CIOs achieve this, I can't help feeling there is an alternative perspective we are missing, and that's what drove me to write this blog post.
I'm going to date myself here, but in the early 90's when I was working in IT, I created a new role: "IT Marketing and Services." In defining the role, I was quite deliberate about my choice of words -- especially in the use of "marketing." This role was responsible for all customer-facing aspects of IT -- that included IT business relationship managers (yes we had them back in the early 90's), help desk, training, communications (of the PR kind), demand management and planning. I chose the word "marketing" deliberately to reflect the fact that this was a customer-facing responsibility (both internal IT customers and end-customers of the business from a technology perspective).
Twenty years on, and the number of IT professionals who really understand marketing and recognize the importance of marketing as a key component of IT operating strategy has, if anything, declined. Why?
Often when I ask CIOs today about the role of marketing in IT they are overcome with concern about using the term "marketing" in the context of IT. They believe people across the organization will think there is no role for marketing in IT, and that having anyone with a "marketing" title will suggest IT has too much money. Why does this fundamental misunderstanding of marketing perpetuate throughout organizations? So many otherwise knowledgeable executives think marketing is simply advertising or worse "spin." Do "marketing" job titles in IT really suggest that CIOs are trying to "sell" IT to the rest of the business? I wonder if this is a problem for IT or if it is an issue created by the perception of others outside of IT.
Cash-starved. Fast-paced. Understaffed. Late nights. T-shirts. Jeans.
These descriptors are just as relevant to emerging tech startups as they are to the typical enterprise IT infrastructure and operations (I&O) department. And to improve customer focus and develop new skills, I&O professionals should apply a “startup” mentality.
A few weeks ago, I had the opportunity to spend time with Locately, a four-person Boston-based startup putting a unique spin on customer insights and analytics: Location. By having consumers opt-in to Locately’s mobile application, media companies and brands can understand how their customers spend their time and where they go. Layered with other contextual information – such as purchases, time, and property identifiers (e.g. store names, train stops) – marketers and strategists can drive revenues and awareness, for example, by optimizing their marketing and advertising tactics or retail store placement.
The purpose of my visit to Locately was not to write this blog post, at least not initially. It was to give the team of five Research Associates that I manage exposure to a different type of technology organization than they usually have access to – the emerging tech startup. Throughout our discussion with Locately, it struck me that I&O organizations share a number of similarities with startups. In particular, here are two entrepreneurial characteristics that I&O professionals should embody in their own organizations:
A recent email got my attention. It highlighted a blog post on the MIT Technology Review website about a video from RSA Animate (copied below) illustrating a lecture by Dan Pink (@danielpink on Twitter): "The Surprising Truth About What Motivates Us," based on his book of the same name.
What got my attention? We need to stop rewarding with a carrot and threatening with a stick. The video highlights multiple research findings that suggest knowledge workers are more motivated by autonomy, mastery and purpose than by financial reward. Pink suggests that financial incentives may actually have a detrimental impact on performance under certain circumstances. (The research suggests money is a motivator for purely mechanical tasks but as soon as some level of cognitive processing is required to complete the task, money is secondary to other factors.)
I was recently asked about the importance of selling skills for CIOs - does a CIO need to be a good salesperson? It seems to me the answer to this should be a resounding yes. After all, IT executives need to be able to sell themselves effectively in order to attain the heights of the C-Suite. Great CIOs must be great communicators, capable of delivering a compelling presentation or a memorable speech, and inspiring others to follow them.
But what of sales skills beyond being a good presenter? Since many sales skills are focused on understanding people and connecting with them, I've found sales training to be highly effective on two levels:
Developing better listening skills. One of the first things you learn as a salesperson is not how to make a pitch, but how to listen to a customer - only by listening can a good salesperson effectively satisfy the needs of a prospect/customer.
Understanding how products/services meet the customer needs. Salespeople spend a lot of time learning about a firm's products and services; they learn how they meet the various customer needs and they learn how to present them in the best light.
So go ahead and sign up for the next sales training class being run in your organization - you may be pleasantly surprised!
Are CIOs the only people in IT needing sales skills?
I'd like to make the case for putting everyone in IT through sales training - here's why: