
need to learn CIO role, to become a better IT specialist, including Cyber security, cyber warfare

I know this is a tech forum, but wanted suggestions from IT professionals on how to talk to / think like a CIO, to further my value to the organization. Although I'm king of my cube, nevertheless my seat is a little hot, and who knows when I might be pounding the pavement. So I am just looking for general suggestions on how to get in the CIO's world, so I can beef up my perspective and focus discussions on what gets - and keeps - their attention.

I'm a software developer (primarily database developer), with previous project management experience, lots of custom SDLC start-to-finish projects, and recently a lot of maintenance programming with a few major enhancements thrown in. I have some basic HTML/JavaScript experience but that's not going to pay the bills. I tried Java but we never got along. I've also dabbled in SQL Server / SSIS, which I like a lot but haven't had the opportunity to work in this much. Custom SQL / PL/SQL puts bread on the table.

I'm not looking to BECOME a CIO, just talk their talk to get their attention. For example, I need metrics on supporting an old, custom-built system (we have like 10+ maintenance programmers and a blind eye to the obsolescence of the system / technology). So the CIO says, "you're spending WHAT on maintaining that ??? O.M.G." What kind of metrics help in this area?

My quick assessment turned up these links:
CIO Insight
Business of Federal Technology (other gov't tech links would be great)

that's enough to keep me busy for sure, but just looking for some discussion.

and any Cyber sites ? although that's not my area, surely that keeps the CIO awake at night, so I should try and gain some perspective in this area.
Gadsden Consulting
btan (Exec Consultant) commented:
Great that you have a development background; then it is really the walk-the-talk strategy that should be part of any CIO or CxO preaching to the staff. Working at a high management level requires having clear and concise direction for the business to drive through together through thick and thin. As they say, when the going gets tough, the tough get going. Gaining rapport with any CxO is really to touch the people's hearts, touch the process nuances and touch the technology edge.

I may not be good at advising a CIO, but my passion has been cyber security, so you may be interested in my IT hard truth series of articles - setting the stage and calling for action. They also have links to some cyber initiatives, and the primary focus is being able to manage risk in the event of a breach or incident. These days, cyber crisis readiness is not to be taken for granted. The disaster (not only based on Murphy's law) is an "If" rather than a "When" situation. Be prepared for the next cyber storm and watch the data breach headlines ... they just go on and on, as you can see from the slew of breaches in MNCs and even SMEs. Being a leader needs resilience to bring everyone, including stakeholders, safe and secure to the shore.

In fact, rather than crawling through sites for CIO insights, maybe it is time to step back and ask why this question, and what the objective and outcome are in the next step after gathering all the insights. Sometimes more information can complicate, and complexity is the forever enemy of security. It is good to simplify matters and go straight to the goals and mission of the business. But not so simple that it is hastily jotted down for the sake of doing the "To-Do" list. Gartner has articles on the CIO's and even the CISO's first 100 days, which I believe can be useful thoughts in working out some kickstarter. The human is still a very systematic mammal.

With clear goals, you can then also recall the "People" to engage. Who will be your right- and left-hand man? How wide are the community and network you have established? This is to further your insight and to be able to share intelligence openly with trustworthy folks in a private and public relations context. Cyber security has quite a few communities, and mostly SANS and security technology leaders form alliances to educate the public and heighten their reach, building on top of existing traditional defenses (such as just AV and FW). Governments have good leading articles for CxOs too. You can check out AUS DSD, NIST and GCHQ CESG. Knowing the policy, guidance and practice sets a good direction for doing the first things right too, e.g.

Aus DSD (check out the "Questions Senior Management Need to be Asking about Cyber Security")

NIST (Cyberframework which is guidance to industry)

US CERT (tips to stay secure and savvy, and there are many "Get Safe On-line" to make sure cyber crime is brought under close watch, especially as reputation is at stake if a breach befalls...)
... and also their "Why is Cyber Security a Problem?"
... and leading "National Cybersecurity Initiative"

Know about the knowledge centers, such as for critical infrastructure: http://ics-isac.org/resources/

GCHQ CESG (check out its Cybersecurity Guide for Executive)
e.g. for the high level, you can catch the "Cyber risk management: a board level responsibility" and "10 Steps to cyber security: executive companion"
... in fact, those who are serious about security really must move towards mandating good practice in security by design

(good means to find your expertise and understand the baseline and needs for next cyber security manpower)
Cyber competency
Cyber essential assessment of company

Lastly, I believe ITIL and ISO27001 are also areas to check out. They are other good references for your list to bring the business into a systematic and secure service delivery. They serve to guide and align to standards well recognised by industry and customers in terms of quality aspects.
Gadsden Consulting (IT Specialist, Author) commented:
wow, excellent ! I'll review in detail tomorrow, but the cyber focus is excellent.

Thanks !
Gadsden Consulting (IT Specialist, Author) commented:

- great stuff, thank you ! excellent depth and insights. Your articles and links are a great resource.

>>(you said)The disaster (not only based on Murphy's law) is an "If" rather than a "When" situation.
- I think you meant, "The disaster (...) is a "when" rather than an "if" situation.", no ?

I'll leave this open for a couple of days to see if there are any non-cyber responses.
Gadsden Consulting (IT Specialist, Author) commented:
to clarify, one basic question that the CIO might want to know (even if he doesn't know he needs to know . . . ) is

"How much are the maintenance costs of supporting this system ?"

The system in question is a web-based / Oracle system used in a large enterprise. It's your basic data intensive system, so it has X modules, Y reports, Z batch jobs, X# of users, etc. So if maintenance costs are Z, how do you know if this is a reasonable cost or not ? Plus this should be considered in light of the original cost of the system plus the expected replacement cost for a new system - the current system is 10+ years old and uses an old platform (to generate and manage code).
btan (Exec Consultant) commented:
Great catch - I missed while typing away :) Not If, but When! I wrote that in my other article too. If you think those articles help, you can consider putting a helpful vote against them :p

In fact, you just catch the security creeps - security is no cost saving. It can be an additional performance cruncher, but the cost is saved and long-term benefits reaped by avoiding having to "pay" those unnecessary costs due to a breach. Check the costs Home Depot, Target and eBay incurred due to breaches - imagine if they could have avoided those incidents, and how much in returns that could have saved for other, better investments. You may be interested in looking at the global breaches in visual effects http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Most security returns are termed return of security investment (ROSI). The point is that there is a need for a security budget as a long-term investment as well, and not staving away from IT budget or other department budgets... recently JP Morgan has even increased their security budget due to the breach...
According to a study by PricewaterhouseCoopers, companies are increasing their cyber security budgets. PwC surveyed 758 financial-services companies and insurers. The current amount they spend on cyber security measures is $4.1 billion. Financial-services companies plan to bolster their cyber security budgets by about $2 billion over the next two years, according to the survey. PwC predicts that world-wide security spending in 2016 will be $83.2 billion. Financial-services companies in particular are concerned about the security of their financial information after JP Morgan’s breach.
Wells Fargo & Co. spends $250 million a year on cyber security, and will increase staffing in the next year. Citigroup has already increased its budget by $300 million. JP Morgan plans to have 1,000 people focused on cyber security by the end of this year. The financial institution currently spends $250 million on cyber security, and plans to double that amount during the next five years.

Hope it helps though I am no good mathematician
Gadsden Consulting (IT Specialist, Author) commented:
>>can consider putting a helpful vote against the articles
- done !

>>You may be interested in looking at the visual effects
- nice graphic !

Thanks again . . .
btan (Exec Consultant) commented:
thanks for being gracious :)
Gadsden Consulting (IT Specialist, Author) commented:
Here are two links I found close to what I was looking for on software maintenance costs:

- SWEBOK, Chap 6 - Maintenance

- Galorath's Software Total Ownership Costs
btan (Exec Consultant) commented:
Thanks, thought this may come handy too

RH EAP calculator (comparing with Oracle Weblogic base)

Focus on Reducing License and Maintenance Costs
Gadsden Consulting (IT Specialist, Author) commented:
great, thanks for the links. The Wikibon site looks like an excellent resource.
Question has a verified solution.