Solved

need to learn CIO role, to become a better IT specialist, including Cyber security, cyber warfare

Posted on 2014-12-08
Last Modified: 2016-03-23
I know this is a tech forum, but wanted suggestions from IT professionals on how to talk to / think like a CIO, to further my value to the organization. Although I'm king of my cube, nevertheless my seat is a little hot, and who knows when I might be pounding the pavement. So I am just looking for general suggestions on how to get in the CIO's world, so I can beef up my perspective and focus discussions on what gets - and keeps - their attention.

I'm a software developer (primarily database developer), with previous project management experience, lots of custom SDLC start-to-finish projects, and recently a lot of maintenance programming with a few major enhancements thrown in. I have some basic HTML/JavaScript experience but that's not going to pay the bills. I tried Java but we never got along. I've also dabbled in SQL Server / SSIS, which I like a lot but haven't had the opportunity to work in this much. Custom SQL / PL/SQL puts bread on the table.

I'm not looking to BECOME a CIO, just talk their talk to get their attention. For example, I need metrics on supporting an old, custom-built system (we have like 10+ maintenance programmers and a blind eye to the obsolescence of the system / technology). So the CIO says, "you're spending WHAT on maintaining that ??? O.M.G." What kind of metrics help in this area?

My quick assessment turned up these links:
CIO
CIO Insight
Business of Federal Technology (other gov't tech links would be great)
Computerworld

That's enough to keep me busy for sure, but just looking for some discussion.

And any cyber sites? Although that's not my area, surely that keeps the CIO awake at night, so I should try and gain some perspective in this area.
Question by:Gadsden Consulting
11 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 40488002
Great that you have a development background; then it is really the walk-the-talk strategy that should be part of any CIO or CxO preaching to the staff. Working at a high management level requires having a clear and concise direction for the business to drive through together, through thick and thin. As they say, when the going gets tough, the tough get going. Gaining rapport with any of the CxOs is really about touching the people's hearts, touching the process nuances and touching the technology edge.

I may not be good at advising CIOs, but my passion has been in cyber security, so you may be interested in my IT hard truth series articles - setting the stage and calling for action. They also have links to some cyber initiatives, and the primary focus is being able to manage risk in the event of a breach or incident. These days, cyber crisis readiness is not to be taken for granted. The disaster (not only based on Murphy's law) is an "If" rather than a "When" situation. Be prepared for the next cyber storm and watch the data breach headlines ... they just go on and on, as you can see from the slew of breaches in MNCs and even SMEs. Being a leader needs resilience to bring everyone, including stakeholders, safe and secure to the shore.

In fact, rather than crawling through sites for CIO insights, maybe it is worth taking a step back to ask why this question, and what the objective and outcome are in the next step after gathering all the insights. Sometimes more information can complicate matters, for complexity is the forever enemy of security. It is good to simplify matters and go straight to the goals and mission of the business, but not any simpler, which can be hastily jotted down for the sake of doing the "To-Do" list. Gartner has an article for the CIO's, and even the CISO's, first 100 days, which I believe can be useful thoughts in working out some kickstarter. Humans are still very systematic mammals.

With clear goals, you can then also recall the "People" to engage. Who will be your right- and left-hand man? How wide is the community and network you have established? This is to further your insight and to be able to share intelligence openly with trustworthy folks in a private and public relations context. Cyber security has quite a few communities, and mostly SANS and security technology leaders form alliances to educate the public, heightening their reach to leverage on top of existing traditional defenses (such as just AV and FW). Government has a good leading article for CxOs too. You can check out AUS DSD, NIST and GCHQ CESG. Knowing the policy, guidance and practice sets a good direction for doing the first thing right too, e.g.

Aus DSD (check out the "Questions Senior Management Need to be Asking about Cyber Security")
http://www.asd.gov.au/publications/index.htm#tabs-1

NIST (Cyberframework which is guidance to industry)
http://www.nist.gov/cyberframework/index.cfm

US CERT (tips to stay secure and savvy, and there are many "Get Safe On-line" tips to make sure cyber crime is kept under close watch, especially as reputation is at stake if a breach befalls...)
https://www.us-cert.gov/ncas/tips/st04-005.html
... and also their "Why is Cyber Security a Problem?"
https://www.us-cert.gov/ncas/tips/ST04-001
... and leading "National Cybersecurity Initiative"
http://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative

Know about the knowledge centers, such as for critical infrastructure http://ics-isac.org/resources/

GCHQ CESG (check out its Cybersecurity Guide for Executive)
e.g. for high level, can catch the "Cyber risk management: a board level responsibility" and "10 Steps to cyber security: executive companion"
https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility
...in fact, those who are serious about security really must move towards mandating good practice in security by design

(good means to find your expertise and understand the baseline and needs for next cyber security manpower)
Cyber competency
http://www.cesg.gov.uk/awarenesstraining/certified-professionals/Pages/index.aspx
Cyber essential assessment of company
http://www.cesg.gov.uk/servicecatalogue/cyber-essentials/Pages/cyber-essentials.aspx

Lastly, I believe ITIL and ISO27001 are also areas to check out. They are other good references for your list to bring the business into a systematic and secure service delivery. They serve to guide and align to standards well recognised by industry and customers in terms of quality aspects.
http://searchcio.techtarget.com/ITIL-strategy-guide-for-the-midmarket-CIO
http://searchcio.techtarget.com/guides/ITIL-and-ITSM-program-guide-for-enterprise-CIOs
0
 

Author Comment

by:Gadsden Consulting
ID: 40488004
wow, excellent ! I'll review in detail tomorrow, but the cyber focus is excellent.

Thanks !
0
 

Author Comment

by:Gadsden Consulting
ID: 40488767
btan,

- great stuff, thank you ! excellent depth and insights. Your articles and links are a great resource.

>>(you said)The disaster (not only based on Murphy's law) is an "If" rather than a "When" situation.
- I think you meant, "The disaster (...) is a "when" rather than an "if" situation.", no ?

I'll leave this open for a couple of days to see if there are any non-cyber responses.
0
 

Author Comment

by:Gadsden Consulting
ID: 40488774
to clarify, one basic question that the CIO might want to know (even if he doesn't know he needs to know . . . ) is

"How much are the maintenance costs of supporting this system ?"

The system in question is a web-based / Oracle system used in a large enterprise. It's your basic data intensive system, so it has X modules, Y reports, Z batch jobs, X# of users, etc. So if maintenance costs are Z, how do you know if this is a reasonable cost or not ? Plus this should be considered in light of the original cost of the system plus the expected replacement cost for a new system - the current system is 10+ years old and uses an old platform (to generate and manage code).
0
 
LVL 61

Assisted Solution

by:btan
btan earned 500 total points
ID: 40488928
Great catch - I missed while typing away :) Not If, but When! I wrote that in my other article too. If you think those articles help, you can consider putting a helpful vote against them :p

In fact, you just caught the security creeps - security is no cost saving. It can be an additional performance cruncher, but cost is saved and long-term benefits are reaped by avoiding having to "pay" those unnecessary costs due to a breach. Check the costs Home Depot, Target and eBay incurred due to breaches - imagine if they could have avoided those incidents, and how much in return could have been saved for other, better investments. You may be interested in looking at the global breaches in visual effects http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Most security returns are termed return of security investment (ROSI). The point is there is a need for a security budget as a long-term investment as well, and not staving away from the IT budget or other department budgets... recently JP Morgan has even increased their security budget due to the breach...
According to a study by PricewaterhouseCoopers, companies are increasing their cyber security budgets. PwC surveyed 758 financial-services companies and insurers. The current amount they spend on cyber security measures is $4.1 billion. Financial-services companies plan to bolster their cyber security budgets by about $2 billion over the next two years, according to the survey. PwC predicts that world-wide security spending in 2016 will be $83.2 billion. Financial-services companies in particular are concerned about the security of their financial information after JP Morgan’s breach.
 
Wells Fargo & Co. spends $250 million a year on cyber security, and will increase staffing in the next year. Citigroup has already increased its budget by $300 million. JP Morgan plans to have 1,000 people focused on cyber security by the end of this year. The financial institution currently spends $250 million on cyber security, and plans to double that amount during the next five years.
http://blog.eiqnetworks.com/blog/bid/358370/Financial-Companies-Increasing-Cyber-Security-Budgets

Hope it helps though I am no good mathematician
0
 

Author Comment

by:Gadsden Consulting
ID: 40488964
>>can consider putting a helpful vote against the articles
- done !

>>You may be interested in looking at the visual effects
- nice graphic !

Thanks again . . .
0
 
LVL 61

Expert Comment

by:btan
ID: 40488966
thanks for being gracious :)
0
 

Assisted Solution

by:Gadsden Consulting
Gadsden Consulting earned 0 total points
ID: 40489179
Here are two links I found close to what I was looking for on software maintenance costs:

- SWEBOK, Chap 6 - Maintenance

- Galorath's Software Total Ownership Costs
0
 
LVL 61

Expert Comment

by:btan
ID: 40490236
Thanks, thought this may come in handy too

RH EAP calculator (comparing with Oracle Weblogic base)
http://www.redhat.com/promo/eap_calculator/

Focus on Reducing License and Maintenance Costs
http://wikibon.org/wiki/v/Oracle_Negotiation_Tips:_Focus_on_Reducing_License_and_Maintenance_Costs
0
 

Author Comment

by:Gadsden Consulting
ID: 40491171
great, thanks for the links. The Wikibon site looks like an excellent resource.
0
 

Author Closing Comment

by:Gadsden Consulting
ID: 40498697
.
0
