With digital technology increasingly vital to business, the CIO role is quickly evolving, placing IT leaders under threat from business executives who offer the blend of business and technical savvy necessary to lead transformational strategies in the future.

A recent report by market intelligence firm IDC has placed IT leaders at a crossroads, predicting that, by 2026, 60% of APAC CIOs will find their roles challenged by LOB (line-of-business) counterparts who can better demonstrate the ability to align technology with the organization’s mission and customers.

Already under pressure to accelerate digital transformation, CIOs now often find their voices drowned out by LOB executives who are heavily involved in making technology decisions, according to the report. This trend could leave CIOs vulnerable to decreased influence over the corporate technical agenda, or pushed into a secondary C-suite role.

Narottam Sharma, who recently quit his role as global CIO of Indian multinational Mastek to advise enterprises on digital transformation, cuts to the heart of the issue: “Technology is getting democratization but the pace at which business is learning technology is faster than the pace at which technology is learning business. As a result, CIOs find their roles being challenged by LOB counterparts.”

Increasingly fragmented technology budgets and transformation strategies could accelerate this crisis, he says.

“The fallout of this is challenging for CEOs as it results in distribution of money in different pockets within an organization,” Sharma says. “Also, there is a lack of cohesive and holistic transformation in the company, which eventually hinders realization of collective value for the organization”

The growing stature of LOBs

Malaysia-based Ts Saiful Bakhtiar Osman, head of IT for Asia Pacific at financial services company The Ascent Group, has experienced this situation first hand, to damaging results.

“I have been in this situation in the past when frustrated LOB managers resorted to lobbying, by using speed-to-market as an excuse, with the top management for allowing them to proceed with their own initiatives,” Osman says. “Such bulldozing without proper planning and IT best practices in place led to the initiative backfiring. IT was later dragged in to clean up the mess.”

“This not only added unnecessary workload to IT but also exposed the organization to unnecessary incompliance audit findings and threat vulnerabilities. Had IT been consulted from the beginning, it would have saved the company time and cost to combat all the bugs and security issues. The IT security governance standard is put there for a reason,” he says.

Still, Osman agrees that active participation from LOBs can have positive impact as well, provided proper controls are in place. Business would be able to grow rapidly with LOB executives leading initiatives in their area of expertise. And nurturing ownership from business executives can also mitigate pushback. “In the absence of control, the enterprise would be at risk due to shadow IT and the IT department can turn into a convenient scapegoat to be blamed for any failed initiatives,” he says.

Naren Gangavarapu, CIO and digital officer at Northern Beaches Council, a local government organisation in Sydney, is all for this trend, seeing the shift not as a “passing fad that is temporary” but as something CIOs should expect will become the new normal.

“This is the direction businesses should be heading to,” he says. “Right now, most organisations have multiple strategies such as digital strategy, IT strategy, security strategy, business strategy, and corporate strategy. To get these to work in a harmonious way is a challenge and they end up collecting dust and reviewed once a year or more thus losing relevancy in a fast-changing world. There should be only one strategy and that is ‘strategy for the digital world.’ Advances in AI and quantum computing will further put LOBs in the driver’s seat.”

In his previous role, Gangavarapu was embedded in business where he was responsible for delivering efficiencies, which involved leading digital transformation initiatives within the LOB (Department of Planning). He was able to “halve assessment timeframes for state significant projects resulting in $18 billion dollars of investment into New South Wales creating 59,000 jobs during FY 18/19.”

How CIOs can remain relevant

Even as LOB executives get more tech savvy, the past few years have proven how critical the CIO role is for businesses to stay resilient and execute on their digital transformation strategies.  

To ward off LOB heads from their turf, Linus Lai, chief analyst and digital business research lead at IDC A/NZ, says CIOs must be able to demonstrate to other members of the C-suite how their actions and decisions directly boost the bottom and top lines. CIOs should also build stakeholder relationships within LOBs and leverage business relationship managers to better serve customer-facing organizations.

“CIOs will have to ensure effective joint business outcomes from IT and LOBs by delivering strategic digital business advice and enabling effective upwards communication. They must initiate a critical review of sourcing practices to manage the supplier ecosystem to maintain architectural goals and spending targets. Also, IT leaders will need to manage technical debt across the application portfolio with agile portfolio management and value stream mapping,” he says.

For CIOs to hold their own, Sharma says IT leaders can’t stop at business acumen, but instead must develop great interpersonal skills and be able to lead people in a cross-functional and cross-geographical environment. They should also be able to leverage emerging technologies to lend business a competitive edge.

To do this in his former roles as CIO, Sharma created a cross-functional decision committee comprising functional leaders, such as the CFO and CHRO, and technical leaders, such as the CIO or head of applications. “That helped in democratizing the process and enabling a smooth sale though and execution of any project,” he says.

Gangavarapu says such efforts are vital for addressing this trend, which includes “a shift in technology resources’ mindset to a new direction by preparing them to blend into the LOBs through awareness, training, and a culture shift. Besides recruiting a digital-savvy workforce for the future that is aligned to customer expectations, CIOs should themselves gear up to become an advisory function,” he says.

To do this, Gangavarapu has established a digital council at Northern Beaches Council to get the board, which consists of 15 Councillors who are elected by the community, to buy into his vision and direction. He is updating the workforce strategy and capability framework, which outlines the digital skills expected of each new hire based on their role.

“We are decentralizing budget from IT back to individual business units where they have ownership and drive the lifecycle of the contract and services. We also embed skills into LOB resources on an ongoing basis so that they are equipped to handle technology changes, compliance, and regulatory shifts around technology,” he says. “Here IT is taking an advisory role and LOBs are taking the lead. By connecting LOBs to market innovators in respective areas, with IT support, we encourage innovation.”

According to Gangavarapu, these initiatives have resulted in quite a few LOBs being self-sufficient and running their own digital initiatives with centralized coordination from IT.

Measuring progress during this journey, he shares that “employee engagement went up by 9%, wellbeing up by 13%, progress up by 18%, and customer satisfaction score shift from 71% in 2019 to 88% in 2022.”

What the future CIO role could look like

It is a given that CIOs in the future will perform beyond their IT functions. With the recent pandemic and the increasing push for digital transformation, CIOs are already wearing multiple hats to help evolve the business. “CIOs are now required to become a marketing strategist, a business analyst, a finance advisor, and an operation expert while delivering their core expertise as an IT champion. This is the way ahead and CIOs need to keep on upgrading, reskilling, and upskilling to stay relevant,” Osman says.

Going forward, there will be opportunities for CIOs to step into other CXO functions to add value and stay relevant, and this imperative will apply to all other technology resources who will realise that they cannot work siloed in a standalone IT business unit anymore but must be embedded in the LOB, understand context, and be able to add value.

As Gangavarapu says, “Digital and technology function will get embedded into LOBs driving strategies and offering products and services for the digital world. The function of information technology teams will reduce as quite a few will move to the LOBs and IT will end up running the plumbing works such as infrastructure, communications, and cybersecurity. [Cross-functional teams] will become a core ingredient of a succeeding in a digital world.”

And this shift to embedded IT will further transform the CIO role, Gangavarapu says.

“Driving digital adoption in business is easier being a part of business rather than driving from IT, as it is seen as external — someone is doing this to us — instead, ‘We are driving this’; hence, CIOs must start picking up roles in LOBs with various titles such as chief translation officer, chief digital advisory officer, or chief innovation officer,” he says.

IT leaders not willing to change may soon be out of luck, Sharma says, as he sees the CIO role getting replaced, unless they acquire the necessary skills to remain relevant, by that of a chief transformation officer, who would work closely with the CEO and act as a bridge between the CIO office and LOBs.

“The chief transformation officers will identify business transformation opportunities within the enterprise and will work closely with the business. The arrangement would be such that the ownership of the project will lie with the respective LOBs while the company-level value creation and competitive edge will be jointly shared between them,” he says, adding that the CIO could become the chief custodian or chief architect, and if unable to add any value to the board, the CIO may end up reporting to the chief transformation officer.

IDC’s Lai agrees.

“I believe the role of the CIO will evolve to being a chief business technology officer role, which many CIOs may find challenging, but is one where they are partners to the business to deliver on the promise of new digital business and operating models,” he says.

“C-level executives are increasing their focus on profitability and improved operational efficiency by concentrating on enhancing employee productivity, innovation, and time to market,” he says. “If CIOs are to play a technology/business orchestration role in the leadership team, part of that effort will involve building or strengthening relationships with business counterparts.”

Roles

After recent rounds of high-profile layoffs, a lot of technologists are looking for work in a market that’s different from any they’ve experienced. More companies are now set up to support remote work, which offers candidates a wider range of potential employers. The new working models benefit companies, too, since they can now hire people with rare and highly desirable skills, regardless of location.

Yet some organizations still insist everybody come into the office. Ed Toner, for example, CIO of the State of Nebraska, has a policy of 100% in-office work. “When you decrease face-to-face interaction, you decrease growth and professional development,” he says.

At the other end of the spectrum, and half a world away, other organizations accept fully remote arrangements—at least for some positions. “When you need highly skilled workers in a sparsely populated country, you benefit from a policy that allows remote work in suitable roles,” says Jarkko Levasma, Government CIO for Finland.

Overall, however, most IT leaders now favor hybrid work, which usually means at least three days a week in the office. According to Gartner’s Human Resources Research Team, employee expectations for a flexible work environment have grown—and hybrid work is clearly here to stay.

Forward-thinking IT leaders have already thought a lot about how to best implement hybrid work, and this extends well beyond technology. It also means providing emotional support to a dispersed workforce. Job seekers should target companies that address all the needs of people who work at least part-time from home.

Getting the technology right

The most obvious thing CIOs need to do to support a remote or hybrid work environment is provide the right technology. But there’s more to it than that. “As soon as you start heavily supporting remote work, your footprint increases significantly,” says Irvin Bishop, Jr., CIO of Kansas City-based engineering firm Black & Veatch. “This significantly raises your security concerns.”

Black & Veatch supported remote work before Covid-19, but during lockdown, they deployed more collaboration tools including virtual whiteboards, polls, and voting so people could still brainstorm and share perspectives. “It’s not always easy for people who are not in the same room to be recognized and given equal airtime and attention,” he says.

The company, which already supported over 100 different office sites, implemented additional virtual system monitoring tools to support a larger population of home workers. These monitoring tools make sure systems are up and functioning—a much easier task when everybody’s in the office connected on WiFi or Ethernet. Also, keeping infrastructure working flawlessly takes an even higher priority when people are remote, because they can’t do anything if they can’t connect.

During the pandemic, Bishop found that managers had to adapt to radically different schedules as employees got accustomed to having more control over tasks. They started earlier, finished later, or worked whatever schedule best suited their lifestyles and family. “Now they expect that level of autonomy,” says Bishop. “Managers have to be attentive to these new expectations.”

French multinational tire manufacturer Michelin also supported home working before Covid-19, but only as an exception. About 10% of employees worked from home from time to time—and even for those people, it was only for about one day a week. The company had already undergone a complete upgrade of their Microsoft stack to a modern cloud solution in 2018, so they were well prepared when the pandemic struck.

“One of the mistakes we made during the lockdown was having people turn their camera off during Teams meetings to save bandwidth,” says Yves Caseau, group digital & information officer at Michelin. “We quickly found out that if the goal of a meeting is to have people collaborate and be creative, it’s best to have them work face to face. But if they cannot be in the office, they absolutely need cameras on. So we increased our bandwidth to support more video traffic.”

Like Michelin, German rail logistics company DB Schenker supported remote work on a very limited basis before the pandemic. “About five percent of the staff worked from home,” says Fredrik Nordin, CIO of DB Schenker for Sweden, Denmark, and Iceland. “And those people only worked remotely for one day every two weeks. Even with a limited number of employees working from home before Covid, when the lockdowns came, we were well prepared in terms of technological tools.”

Understanding the emotional impact

But technological tools aren’t enough for companies who’ve decided to support a hybrid work arrangement from now on. What’s needed is more emotional support and more team building. According to a Gartner report from May last year, only 24% of remote and hybrid knowledge workers feel connected to their organization’s culture. And who better to turn to for questions of employee well-being than an HR expert? “Remote work has decreased the sense of belonging, and increased the feeling of loneliness and isolation,” says Kirsi Nuotto, SVP and head of HR for VTT, an institute for applied research in Finland. “During the pandemic, we trained all of our managers on emotional agency.”

Managers need to tune into how employees cope when separated from their teams. For example, Michelin found that attention management is even more challenging when some workers are remote, and people tend to multi-task even more than they do in the office. Moreover, working from home amplifies some of the stress. “The paradox of digitalization is that some of the good collective practices that help minimize overload are absent when you work alone,” says Caseau. “For example, taking short breaks to talk about something else with a colleague is not only essential to your health, but it also contributes to making teamwork more efficient.”

DB Schenker noticed during the pandemic that even though efficiency went up in the sense of fitting more meetings into a single workday, the lack of corridor talks and spontaneous alignments that act as the glue in a collaborative organization had to be overcome by scheduling even more meetings.

“We learned that working from home, whether forced or voluntary, is perceived very differently from one person to another,” says Nordin. “One person’s joy and happiness over not having to commute to the office is another person’s worst nightmare. Remote work is very tough on the people whose personalities crave interaction with others.”

Despite these challenges, both Michelin and DB Schenker say the flexible work environment provides a net benefit. Both companies now have a hybrid policy, where employees are allowed to work from a home office two days a week.

What’s best for a new generation of employees

With hybrid being normal now for so many companies, top management is looking to fine tune the flexible work environment. “A year after training all managers on emotional agency, we saw an improvement in 12 out of 14 different psychological markers,” says Nuotto. “Encouraged by this tangible difference, we have now extended training to include all of VTT’s 2,200 employees.”

She points out that many people assume this kind of training can be carried out in a matter of hours. But getting it right requires not only classes over an extended period, but also a way of practicing the ideas. Trainees at VTT have “sparring” partners to bounce their ideas off one another outside of class hours, for instance.

Meanwhile, back in Kansas, Bishop says managers need to be more intentional in a hybrid environment. “If you’re facilitating a hybrid meeting, you have to be intentional and ask specifically if there are comments or questions from people who aren’t in the room,” he says. “You can use techniques, such as Round Robin, to go around the table and the screen or phone to get comments from everyone. Another option is to appoint a virtual meeting facilitator to ensure people who are remote can hear the dialog, see the presentation, and contribute equally to the meeting.”

These techniques help build trust, keep collaboration high, and make people feel a lot more included. Employees want empathy from management—and when they find an organization that makes them feel that, even from their home office, they return the favor through loyalty and productivity.

“We want to be the best place to work on the planet,” says Bishop. “We’re trying to create the best environment, so people love working here.” Bottom line is the new generation of employees expects a hybrid work environment, and they want to be fully supported in their workplace, wherever that may be.

CIO, Employee Experience, Employee Protection, IT Leadership, Remote Work

Persuasive Communication Workshop, FutureIT | Dallas, March 29th. Hosted by Dan Roberts, Host, Tech Whisperers Podcast, CEO, Ouellette & Associates and Larry Bonfante, Senior Consultant, Ouellette & Associates.

IDG

Don’t miss CIO’s FutureIT | March 29 at the Tower Club, Dallas presented by CIO, CSO and ComputerWorld. A pre-conference workshop will be exclusively offered to conference attendees, hosted by Dan Roberts, Host, Tech Whisperers Podcast; CEO, Ouellette & Associates and Larry Bonfante, Senior Consultant, Ouellette & Associates. This team will provide an in-depth interactive workshop on how to influence stakeholders effectively and build communication skills.  With the role of the CIO and senior technology leader now centered on having a seat at the leadership table, this workshop will help build knowledge and skills to persuasively communicate strategy, goals, and budget needs which is critical learning for the IT leader. To learn more and register here

Events

Industries increasingly rely on data and AI to enhance processes and decision-making. However, they face a significant challenge in ensuring privacy due to sensitive Personally Identifiable Information (PII) in most enterprise datasets. Safeguarding PII is not a new problem. Conventional IT and data teams query data containing PII, but only a select few require access. Rate-limiting access, role-based access protection, and masking have been widely adopted for traditional BI applications to govern sensitive data access. 

Protecting sensitive data in the modern AI/ML pipeline has different requirements. The emerging and ever-growing class of data users consists of ML data scientists and applications requiring larger datasets. Data owners need to walk a tightrope to ensure parties in their AI/Ml lifecycle get appropriate access to the data they need while maximising the privacy of that PII data.

Enter the new class 

ML data scientists require large quantities of data to train machine learning models. Then the trained models become consumers of vast amounts of data to gain insights to inform business decisions. Whether before or after model training, this new class of data consumers relies on the availability of large amounts of data to provide business value.

In contrast to conventional users who only need to access limited amounts of data, the new class of ML data scientists and applications require access to entire datasets to ensure that their models represent the data with precision. And even if they’re used, they may not be enough to prevent an attacker from inferring sensitive information by analyzing encrypted or masked data patterns. 

The new class often uses advanced techniques such as deep learning, natural language processing, and computer vision to analyze and extract insights from the data. These efforts are often slowed down or blocked as they face sensitive PII data entangled within a large proportion of datasets they require. Up to 44% of data is reported to be inaccessible in an organization. This limitation blocks the road to AI’s promised land in creating new and game-changing value, efficiencies, and use cases. 

The new requirements have led to the emergence of techniques such as differential privacy, federated learning, synthetic data, and homomorphic encryption, which aim to protect PII while still allowing ML data scientists and applications to access and analyze the data they need. However, there is still a market need for solutions deployed across the ML lifecycle (before and after model training) to protect PII while accessing vast datasets – without drastically changing the methodology and hardware used today.

Ensuring privacy and security in the modern ML lifecycle

The new breed of ML data consumers needs to implement privacy measures at both stages of the ML lifecycle: ML training and ML deployment (or inference).

In the training phase, the primary objective is to use existing examples to train a model.

The trained model must make accurate predictions, such as classifying data samples it did not see as part of the training dataset. The data samples used for training often have sensitive information (such as PII) entangled in each data record. When this is the case, modern privacy-preserving techniques and controls are needed to protect sensitive information.

In the ML deployment phase, the trained model makes predictions on new data that the model did not see during training; inference data. While it is critical to ensure that any PII used to train the ML model is protected and the model’s predictions do not reveal any sensitive information about individuals, it is equally critical to protect any sensitive information and PII within inference data samples as well. Inferencing on encrypted data is prohibitively slow for most applications, even with custom hardware. As such, there is a critical need for viable low-overhead privacy solutions to ensure data confidentiality throughout the ML lifecycle.

The modern privacy toolkit for ML and AI: Benefits and drawbacks

Various modern solutions have been developed to address PII challenges, such as federated learning, confidential computing, and synthetic data, which the new class of data consumers is exploring for Privacy in ML and AI. However, each solution has differing levels of efficacy and implementation complexities to satisfy user requirements.

Federated learning

Federated learning is a machine learning technique that enables training on a decentralized dataset distributed across multiple devices. Instead of sending data to a central server for processing, the training occurs locally on each device, and only model updates are transmitted to a central server.

Limitation: Research conducted in 2020 from the Institute of Electrical and Electronics Engineers  shows that an attacker could infer private information from model parameters in federated learning. Additionally, federated learning does not address the inference stage, which still exposes data to the ML model during cloud or edge device deployment.

Differential privacy

Differential privacy provides margins on how much a single data record from a training dataset contributes to a machine-learning model. A membership test on the training data records ensures that if a single data record is removed from the dataset, the output should not change beyond a certain threshold.

Limitation: While training with differential privacy has benefits, it still requires the data scientist’s access to large volumes of plain-text data. Additionally, it does not address the ML inference stage in any capacity. 

Homomorphic encryption

Homomorphic encryption is a type of encryption that allows computation to be performed on data while it remains encrypted. For modern users, this means that machine learning algorithms can operate on data that has been encrypted without the need to decrypt it first. This can provide greater privacy and security for sensitive data since the data never needs to be revealed in plain text form. 

Limitation: Homomorphic encryption is prohibitively costly because it operates on encrypted data rather than plain-text data, which is computationally intensive. Homomorphic encryption often requires custom hardware to optimize performance, which can be expensive to develop and maintain. Finally, data scientists use deep neural networks in many domains, often difficult or impossible to implement in a homomorphically encrypted fashion.

Synthetic data

Synthetic data is computer-generated data that mimic real-world data. It is often used to train machine learning models and protect sensitive data in healthcare and finance. Synthetic data can generate large amounts of data quickly and bypass privacy risks. 

Limitation: While synthetic data may help train a predictive model, it only adequately covers some possible real-world data subspaces. This can result in accuracy loss and undermine the model’s capabilities in the inference stage. Also, actual data must be protected in the inference stage, which synthetic data cannot address. 

Confidential computing

Confidential computing is a security approach that protects data during use. Major companies, including Google, Intel, Meta, and Microsoft, have joined the Confidential Computing Consortium to promote hardware-based Trusted Execution Environments (TEEs). The solution isolates computations to these hardware-based TEEs to safeguard the data. 

Limitation: Confidential computing requires companies to incur additional costs to move their ML-based services to platforms that require specialized hardware. The solution is also partially risk-free. An attack in May 2021 collected and corrupted data from TEEs that rely on Intel SGX technology.

While these solutions are helpful, their limitations become apparent when training and deploying AI models. The next stage in PII privacy needs to be lightweight and complement existing privacy measures and processes while providing access to datasets entangled with sensitive information. 

Balancing the tightrope of PII confidentiality with AI: A new class of PII protection 

We’ve examined some modern approaches to safeguard PII and the challenges the new class of data consumers faces. There is a balancing act in which PII can’t be exposed to AI, but the data consumers must use as much data as possible to generate new AI use cases and value. Also, most modern solutions address data protection during the ML training stage without a viable answer for safeguarding real-world data during AI deployments.

Here, we need a future-proof solution to manage this balancing act. One such solution I have used is the stained glass transform, which enables organisations to extract ML insights from their data while protecting against the leakage of sensitive information. The technology developed by Protopia AI can transform any data type by identifying what AI models require, eliminating unnecessary information, and transforming the data as much as possible while retaining near-perfect accuracy. To safeguard users’ data while working on AI models, enterprises can choose stained glass transform to increase their ML training and deployment data to achieve better predictions and outcomes while worrying less about data exposure.  

More importantly, this technology also adds a new layer of protection throughout the ML lifecycle – for training and inference. This solves a significant gap in which privacy was left unresolved during the ML inference stage for most modern solutions.

The latest Gartner AI TriSM guide for implementing Trust, Risk, and Security Management in AI highlighted the same problem and solution. TRiSM guides analytics leaders and data scientists to ensure AI reliability, trustworthiness, and security. 

While there are multiple solutions to protect sensitive data, the end goal is to enable enterprises to leverage their data to the fullest to power AI.

Choosing the right solution(s) 

Choosing the right privacy-preserving solutions is essential for solving your ML and AI challenges. You must carefully evaluate each solution and select the ones that complement, augment, or stand alone to fulfil your unique requirements. For instance, synthetic data can enhance real-world data, improving the performance of your AI models. You can use synthetic data to simulate rare events that may be difficult to capture, such as natural disasters, and augment real-world data when it’s limited.

Another promising solution is confidential computing, which can transform data before entering the trusted execution environment. This technology is an additional barrier, minimizing the attack surface on a different axis. The solution ensures that plaintext data is not compromised, even if the TEE is breached. So, choose the right privacy-preserving solutions that fit your needs and maximize your AI’s performance without compromising data privacy.

Wrap up

Protecting sensitive data isn’t just a tech issue – it’s an enterprise-wide challenge. As new data consumers expand their AI and ML capabilities, securing Personally Identifiable Information (PII) becomes even more critical. To create high-performance models delivering honest value, we must maximize data access while safeguarding it. Every privacy-preserving solution must be carefully evaluated to solve our most pressing AI and ML challenges. Ultimately, we must remember that PII confidentiality is not just about compliance and legal obligations but about respecting and protecting the privacy and well-being of individuals.

Data Privacy, Data Science, Machine Learning

“Life can only be understood backwards but it must be lived forwards,” wrote Danish philosopher Søren Kierkegaard. That’s true, but what if by some stroke of magic we could go back in time and give a pep talk to our younger selves. What would we say? To provide some indirect counsel for first-time CIOs, we asked IT leaders to have a quiet word with their younger selves when they first took on a senior IT leadership role.

Give yourself the gift of time

Some CIOs pondered how they managed that most precious resource: time.

“I wish I’d have told myself to buy myself more time, setting out a three-year, step-by-step plan, and not try and get everything right on day one and solve everything in the first year,” says David Henderson, chief technology and product officer at music and entertainment group Global.

Gregory Morley, CIO at services provider United Living Group, says he’d say to the younger Morley: “Stop and take more breaths,” and many others we spoke to agreed, adding that going 100 miles per hour was at best counterproductive and at worst a recipe for burn-out and making yourself unpopular.

Speak up

A tendency to bottle up thoughts is a regret for some who felt cowed or overwhelmed by bosses, fellow execs, or their own teams when they were new to the IT leader role.

“I wish I focused on talent and culture over strategy,” says Henderson. “The right team with the right culture can do anything, and early on, I wasn’t courageous enough to deal with the cynics, time wasters, and the toxic few that affect the majority.”

Similarly, Caroline Carruthers of global data consultancy Carruthers and Jackson recommended being true to yourself.

“It’s something I tell a lot of younger people at schools,” she says. “Don’t limit yourself based on other people’s expectations. I felt I had to be like other people at that level and say certain things and behave in a certain way. When I freed myself and said, ‘That’s not right,’ my career really took off.”

Several CIOs say they wished they had more gumption.

“Once you take the hot seat, don’t second-guess yourself,” says Lenovo global CIO Arthur Hu, with the benefit of hindsight. “There’s a difference between being cautious and being too tentative, and there were times when I could have been more confident. The company puts you in the chair because they trust you.”

Nic Bellenberg, an experienced CIO at publisher Condé Nast and elsewhere, had some practical advice.

“I’d say be fearless,” he says. “I bit my tongue so many times in the first year in my first CIO job [and] I regret not saying to company directors, ‘No, you’re wrong. That’s not the way to do things. What we need to do is…’ I remember being ambushed by two of the owners, who knew that they had underinvested in tech and the tech team for many years. Their opening line was, ‘Well, things aren’t really all that bad, are they?’ I should have said, ‘Worse than you can possibly imagine.’”

Interim CIO at TDS Consulting Tony Healy added: “The most significant risk you can take is not taking any risks, getting bogged down in analysis paralysis and not making a decision.”

It’s not (just) about tech

CIOs were at pains to stress they sometimes overly focused on the tech aspects of the job.

Richard Steward, CTO of UAE real estate company Nakheel, offered a simple formula. “Think and talk business first, technology second,” he says. “There are thousands of technology investments that can be applied to improve a business, but to make the right decisions, you need to understand what your business really needs next and get aligned with your CXO colleagues on that.”

Healy concurred.

“Make a concerted effort to meet the business stakeholders on day one,” he says. “Show them you aren’t just a techie but someone who can make technology work for them. Read the business strategy, understand it, and make it your mission to help deliver it. Focus on how technology can work better for external and internal customers.”

Bruna Pellici, CTO at law firm Linklaters, agreed. “It’s not all about the tech. It’s as much about the people, creating an equitable and diverse team, keeping people motivated and laying the path for development and growth.”

Build bridges

Similarly, fostering deep relationships with others within the organization is something many IT leaders wished they learned earlier.

“I’d tell myself to spend way more time with the board, execs and non-execs, educating them about the true value of tech, rather than it being largely seen as PCs on desks, printers and servers, and periodic upgrades to application software,” says Jerry Fishenden, an experienced IT leader and expert on government digital strategy. “I’d aim to be better at challenging and educating them about some of their most basic assumptions of how the organization operates, how it connects with those it’s there to serve, and where it will be in the future.” 

Healy also had some advice for his younger self.

“Building relationships with your peers, colleagues, and stakeholders is critical to your success as a CIO,” he says. “Take the time to understand the needs and concerns of different departments and build relationships based on trust and collaboration. Focus on outcomes rather than outputs. Don’t get bogged down in the technical details. Instead, focus on how your IT initiatives can help the business achieve its goals.”

Get some training

Today, all CIOs need to think about having a culture of continuous improvement and lifelong learning for themselves and their staff. And they certainly recognize the value of training for new CIOs.

“Get some formal leadership training,” says Keith Baxter, head of IT and InfoSec at Carlow, College, St Patrick’s, in Ireland. “I did my MSc in leadership a little later and it really added a great toolset of frameworks and knowledge to my roles, allowing me great outcomes in various areas.”

Others said a grounding in the nuts and bolts of business operations would have been valuable.

“I think the one thing I would have told myself when starting as a CIO was to get training in understanding balance sheets, EBITDA and finance,” says David Ivell, group chief product and technology officer at edutech company Team Teach. “Often as CIOs, we come from a tech background and then we advise organizations on M&A, accelerating growth, and business restructures, and it’s not just about the tech anymore. I have gained that experience over time, but I could have short-cut that journey.”

Be a storyteller

Today’s CIOs need to translate what’s happening with tech for others who may not understand its nuances and implications. But many are going further and trying to be true storytellers in order to be in a better position to persuade and cajole.

Phil Brunkard, a former CIO and CTO at telecoms giant BT, emphasized the importance of psychology and the power of narrative.

“Stakeholder engagement and how you influence and get people on board is critical to their perceptions of you, and around technology and the IT team,” he says. “If they are protective and change- or risk-averse, that affects initiatives. When you think about implementing change, it’s all about how you speak to the little voice in people’s head. Think about storytelling in films, identify a hero, be aware, and definitely get some training.”

Healy agreed.

“Nobody in a boardroom is going to be interested in technical details,” he says. “Tell a story they can understand. Read and subscribe to magazines, understand the latest trends, follow other CIOs on LinkedIn and look at what they follow or read.”

Invest in your team

Several CIOs stated the importance of teambuilding and team development, including giving people the guidance, resources and tools they need.

Lenovo’s Hu said he was influenced by business writer Jim Collins, author of Good To Great: Why Some Companies Make The Leap… And Others Don’t, who argues that even if circumstances change, having the right people with you makes a huge difference to the success of the organization.

“One of his books talks about who’s on the bus and who’s off that bus,” he says, adding that following that guidance and figuring out the team made a big difference to eagerness and tangible results.

But sometimes, managing teams needs to have a ‘get tough’ component too.

“Don’t underestimate the effort needed to get your team performing and onside,” warns Bellenberg. “You need to be fearless in dealing with weaker team members, dissidents and the generally two-faced. I remember trying to be encouraging, supportive or diplomatic, rather than just telling staff straight that they were not doing well enough or that they were simply out of order. It’s all about managing change and that’s a bigger subject than you can ever be prepared for until you’ve been through it at an organizational level. But if you can cultivate enough fearlessness, you’ll make progress.”

Balance work and life

The CIO role has high levels of responsibility, but some leaders would like to go back and remind themselves that work, and speed of work, isn’t everything.

“One of the things I didn’t have was patience, so I was pushing hard on the people around me,” says Federal Reserve System CIO Ghada Ijam. “I used to be very hard on myself too: ‘Why aren’t you making the progress you said you were going to make?’ I was super-focused on outcomes. So be kind to yourself. Be realistic in your expectations and the pace of your output and the people around you. Bring people along by touching their hearts and minds, not just with objectives and incentives. ‘A’ was the only grade I would accept for myself, and that meant very long hours so there were family sacrifices from that. Running at that pace takes its toll eventually.”

Ijam adds that the Covid lockdown also changed attitudes and made people more attuned to dissatisfaction with working conditions and culture.

“The most fascinating thing that happened to the workforce in the pandemic is it forced us to step back and come back home, find time for hobbies and to enjoy nature,” she says. “That’s one reason why we saw so many job transitions in corporate America.”

Think about equality, D&I, and be kind

United Living Group’s Morley said knowing what he knows today, he would have pushed harder and earlier for diversity. A lot of progress has been made to promote ED&I in the CIO community, he says, but adds that it’s also important to recognize the contributions of people whose work often get overlooked.

“Have a greater appreciation for the many unsung heroes in each business,” he says. “These are the diligent and patient PAs and the administrators in HR, finance, legal, etc. who quietly grease the wheels and make a CXO’s role that much easier.”

Global’s Henderson said bringing outsiders in can provide a valuable perspective too. “I wish I’d embedded more people in the business,” he says. “Getting ambassadors and experts in among the wider business always pays off.”

Enjoy it

Speaking to a range of CIOs uncorked lots of memories, a few regrets, but also laughter and reminiscences. One CIO said that if they could go back, then taking a job at Apple or Microsoft could have been a smart move in terms of share options renumeration. But lots of CIOs said that no matter how many instructions or warnings they would have liked to give their younger selves, one thing is clear: the CIO role is a great career path so, whatever you do, don’t forget to enjoy the journey.

Careers, CIO, IT Management

In addition to showcasing your executive experience and accomplishments, effective and targeted personal branding can demonstrate thought leadership and expertise within specific domain areas, as well as make a statement about your core values, character, and attitude. It can also help you move roles, whether from an operational “keep the lights on” CIO position to a more forward-looking innovative one (or vice versa), or even a CDO, COO or CEO role.

There’s a financial component, too. The Thinkers360 2023 B2B Thought Leadership Outlook study, conducted in association with the British Computer Society (BCS), found that over 86% of thought leadership creators rate their content as adding over 25% to the brand premium they command in the marketplace, and over 48% stated it added over 75%.

So no matter where you are in your personal branding journey, here are 10 best practices to help you maximize your personal brand both in the near-term and throughout your career.

Determine your commitment to personal branding – This is the “why” of your personal brand. What do you want your legacy to be? What do you want to be known for? Think about your personal branding goals for this year, but also where you want to be in up to 10 years’ time. It’s fine to adjust your personal brand as well. For example, if you’re known for your expertise in emerging technologies, it makes sense to keep your brand up to date with the latest trends (while being careful not to spread yourself too thin attempting to cover too many topics).

Pick your thought leadership persona – As a CIO, your primary persona is likely that of an executive, but think about other thought leadership personas that can help to amplify your primary persona. This might be as an author, influencer or speaker, for example, from your perspective as a CIO. If you’re uncomfortable with keynote speaking, you can be just as effective as a panelist at industry events and conferences, or on the receiving end of media interviews. The most important thing is to choose a persona that’s authentic to your personality and something you enjoy doing.

Pick your area of expertise – Once you’ve chosen your thought leadership persona, you’ll want to think about the area of expertise you’d like to anchor to your personal brand. This might be your CIO role itself, or even a specific technology or leadership discipline such as artificial intelligence, machine learning or change management. For example, Claire Rutkowski, CIO of infrastructure engineering software company Bentley Systems, gives advice from her perspective with actionable insights such as her experience with ProSci’s ADKAR model, which can be useful for change enablement.

Start small – If you’re new to thought leadership and wish to add this aspect to your personal brand, you can often start small with a ‘land and expand’ approach. Start small with an article or blog, a media interview, a speaking slot at an industry event or conference, or even by entering some suitable industry awards. This all builds credibility, adds to your personal profile, portfolio, and media kit, and can help land your next “win” such as a book, a keynote, or a major award, such as the CIO 100 Awards. When selecting any of these outlets, choose wisely, since your personal brand will be shaped by the brands you associate with.

Amplify your personal brand – The Thinkers360 study found that specialist communities were the number-one destination for access to thought leadership content by readers, and a top-three destination for thought leaders to disseminate their content after social media and individual web sites. Depending on the business model, these specialist communities can often help you to build, amplify and monetize your personal brand as well.

Use your career journey to tell your brand story – Your life experiences and career journey all tell a story about your personal brand. Think about the various career moves you’ve made over the years, the rationale for each move, and how this helps to shape the narrative about your personal brand. This may also help influence your next move too.

Round out your competency over time – Once you’ve become a world-class author, influencer, or speaker (no small feat in itself), the next step is to round out your skills so you’re even more versatile. Gartner encourages this among their analysts and advisors, so they develop their skills not only in terms of one-on-one advising and writing research reports, but also in public speaking in front of both small private groups and large audiences at conferences. This helps to develop skills to best connect with your audience regardless of the context.

Use your personal branding to promote your organization – As a CIO, you can be an excellent employee advocate for your own organization, and many CIOs do this to a greater or lesser extent based on personal preference. This may involve piloting solutions internally before they’re released to the public, and helping with internal case studies. Many CIOs, not only pilot internally, but hit the road with other members of the C-suite to meet with key clients and share their experience.

Make your content insightful, engaging, and actionable – The Thinkers360 study found that thought leadership consumers cited insightful (94%), forward-looking (90%), engaging (89%), relevant (88%) and actionable (84%) as extremely important or very important attributes of thought leadership. In an era of increased competition for attention, thought leaders plan to cut through the noise by making their content highly actionable (73%), multichannel (59%), and shared via specialist communities (55%).

Treat your personal brand as your most valuable asset – According to Tom Koulopoulos, author of Revealing the Invisible, the great myth of the Internet is if you have volumes of great content, you don’t need to worry about creating a thought leadership brand. This is no truer for a thought leader brand than it is for a corporate brand. In many ways you must be more vigilant about how you present yourself to the market, prospects, and clients. His advice is to craft, curate, and care for your brand as though it were your most important asset, because it is.

As a CIO, you’ve put a lot of energy into advancing your organization and its mission. Putting some energy into your personal branding is well worth the effort and it will benefit your organization too.

Careers, CIO, IT Leadership

The post-pandemic reality. Macroeconomic turbulence. Explosive technology innovations. Generational shifts in technological expectations. All these forces and more drive rapid, often confusing change in organizations large and small.

With every such change comes opportunity–for bad actors looking to game the system. Cybersecurity cannot stand still, or the waves of innovation will overrun the shores.

Adversaries continue to innovate. Keeping up–and hopefully, staying ahead–presents new challenges. Here is a short list of recent considerations for CIOs as they work with their teams to shore up their defenses.

Multifactor authentication fatigue and biometrics shortcomings

Multifactor authentication (MFA) is a popular technique for strengthening the security around logins. With MFA, the website or application will send a text message or push notification to the user with a code to enter along with their password.

MFA fatigue or ‘push phishing’ is a popular hack that targets MFA by repeatedly sending the user superfluous, malicious MFA notifications in hopes they inadvertently accept one or simply click to stop the annoying flood of messages.

In other cases, MFA includes a biometric step–reading a fingerprint, scanning a face, and the like. Users appreciate the convenience of biometrics, but they have their flaws as well. 

Sometimes they simply don’t work, perhaps due to a change in contact lenses or a new tattoo. Any spy thriller aficionado will also know it’s possible to ‘steal’ someone’s fingerprint or facial image–and once an individual’s biometric is compromised, there’s no way to change it the way we change passwords.

Security implications of ChatGPT and its ilk

ChatGPT and other generative AI technologies have taken the world by storm, but the combination of their sudden popularity and a general lack of understanding of how they work is a recipe for disaster.

In reality, generative AI presents a number of new and transformed risks to the organization. For example, ChatGPT is eerily proficient at writing phishing emails–well-targeted at particular individuals and free from typos.

A second, more pernicious risk is the fact that ChatGPT can write malware. Sometimes the malware has errors, but with simple repetition the hacker can generate multiple working versions of the code. Such polymorphic malware is particularly hard to detect, because it may be different from one attack to another.

Securing the software supply chain

The Log4j vulnerability that reared its ugly head in late 2021 showed a bright light on the problem of software supply chain security.

Most commercial enterprise software products and nearly all open-source ones depend upon numerous software packages and libraries. Many of these libraries are themselves open-source and depend upon other libraries in a complex network of opaque interdependencies.

Some of these components have professional teams that test and maintain them, releasing security patches as needed. Other open-source components are the result of some lone developer’s moonlighting activities from years past. 

For each open-source component in your entire IT infrastructure, which are the well-maintained ones, and which are the forgotten work of hobbyists? And how do you tell?

Getting ahead of the ransomware gangs

Ransomware is big business for the criminal gangs who have figured out how to capitalize on it. The malware itself is easy to buy on the Dark Web. In fact, there’s a veritable bazaar of ransomware variations, as hackers maneuver to create the most pernicious version.

From the enterprise side, the ransomware problem is multifaceted and dynamic. The malware itself continues to evolve, as do the criminal strategies of the perpetrators. 

The most familiar strategy–encrypting files on servers and then demanding a ransom for the decryption key–is but one approach among many. Other attackers steal data and threaten to release it to the public. Another angle is to target the victim’s backups.

No list of strategies and techniques does the ransomware problem justice, as the bad guys continue to innovate. CIOs and CISOs must remain eternally vigilant.

Managing costs while supporting digital transformation

The Covid pandemic accelerated many digital transformation initiatives as executives struggled to meet the suddenly changing needs of both customers and employees.

Today, economic challenges generate digital transformation headwinds as the needs of customers and employees change once again to address post-pandemic realities.

Cybersecurity budgets are typically caught between these two forces. Given the importance of meeting customer needs on limited resources, how important is cybersecurity?

It’s vitally important, of course – but it’s only one of the many risks CIOs must mitigate. Other risks include operational risk (the risk of downtime), technical debt risk (the risk of failures of legacy technologies), as well as compliance risk.

There’s never enough money to drive all these risks to zero–so how should executives decide which risks to mitigate and how much money and time to spend mitigating them?

Organizations must be able to engineer comprehensive risk management that quantifies each type of risk and establishes risk targets that conform to budgetary and human resource limitations.

This ‘threat engineering’ gives CIOs a justifiable approach to making cybersecurity expenditure decisions while also mitigating the other risks facing the IT organization.

Advice moving forward

This article highlights modern security trends for CIOs that weren’t on anybody’s radar as little as five years ago. Five years from now, the list might once again be entirely different.

Such is the nature of cybersecurity risk management. The risks continue to evolve as adversaries improve their strategies. CIOs must remain vigilant while they leverage state-of-the-art cybersecurity tools and strategies to keep one step ahead of the bad guys.

Read the eBook: Views from the C-suite: Why endpoint management is more critical than ever before

© Intellyx LLC. Tanium is an Intellyx customer. Intellyx retains final editorial control of this article. No AI was used in the production of this article.

Security

Signs of a tech talent shift are under way, with IT pros increasingly turning away from Silicon Valley and tech stalwarts in favor of new roles outside the technology industry.

For Andreea Bodnari and Chris Jones, both of whom left Silicon Valley tech companies to work at healthcare organization Optum, the lure was not concern over mass layoffs in big tech, but the prospect of solving real-world problems and the opportunity to work on technologies that make a difference in people’s lives.

Bodnari, who previously worked at Google, says that while the search engine giant was a great place to build core technology, it felt more meaningful to integrate healthcare with AI. UnitedHealth Group, the parent company of Optum “was the holy grail of healthcare know-how and prowess,” says Bodnari, vice president of product at Optum.

Andreea Bodnari, vice president of product, Optum

Optum

Jones, who joined Optum from Meta in November 2022 as a senior principal applied scientist, says the move meant being able to leverage his expertise in responsible AI while making a positive, real-world impact in healthcare. 

Healthcare seemed like a better place to put his expertise to use “than the slightly ephemeral stuff I was working on at Microsoft,” says Jones, who spent a decade at Microsoft prior to his time at Meta.

Chris Jones, senior principal applied scientist, Optum

Optum

That sense of purpose and yearning to do meaningful work is the ace in the hole for Optum Enterprise CTO Francois Charette, who has hired a number of Silicon Valley technologists in recent months. Charette says that in his conversations with candidates, he is struck by how they are “really looking to make an impact on people’s lives” rather than just work on cool technology, he says.

Breaking the stronghold on talent

Historically, Silicon Valley and high-tech companies have had a leg up on luring top talent in part because they provided access to advanced technology, “but now, it’s basically used everywhere, so they’ve sort of lost their edge there. They’ll have to compete for talent like everyone else,” Charette says, adding that Optum’s mission of helping people live healthier lives “resonates extremely well for folks.’

It’s not just healthcare; other “traditional” industries such as insurance, transportation, banking, pharmaceuticals, and consumer products goods are all witnessing a surge in interest from tech professionals who no longer feel the allure of working at venture capital-infused Silicon Valley startups that promised innovative and challenging tech projects. Now, with the recognition that technology fuels all businesses, they can pretty much find those opportunities at almost any company.

You don’t always find a sense of great purpose working in Silicon Valley, observes Diogo Rau, executive vice president and chief information and digital officer at Eli Lilly and Co. “Any engineer throughout history has probably been motivated in large part by the impact they can have on society,” says Rau, who joined Eli Lilly two years ago after a decade at Apple. “It’s bigger than working on interesting problems. … Engineers throughout millennia want to do something that’s bigger than themselves and can last.”

Diogo Rau, EVP and chief information and digital officer, Eli Lilly and Co.

Eli Lilly and Co.

Rau hired a former Apple colleague who approached him and was incentivized by the offer to run the software engineering team at the Indianapolis-based Lilly after hearing about the types of projects he could work on. “I can tell you he didn’t come for the weather,” Rau jokes.

Perceptions are shifting

Lately, there is more receptivity to hearing about opportunities in other sectors for positions in information security, data, engineering, and cloud, observes Craig Stephenson,managing director for the North America technology, digital, data and security officers practice at Korn Ferry.

“The savvier CIOs are certainly trying to take advantage of the disintermediation in tech and recruiting the talent,” agrees Dennis Baden, a partner in Heidrick & Struggles’ Boston office and global managing partner of the technology officers and digital officers practice.

The tide is turning because of the large volume of layoffs and because engineering talent at big tech companies is more open to being scouted by other industries, Baden says. “Some of it is their equity is down and there may not be as much of an upside to staying.” Additionally, companies in other industries are demonstrating there are interesting and complex issues to solve as technology becomes more closely aligned with business goals, he says.

“There’s a world outside big tech and [a belief] that we can solve interesting problems and build cool software,” Baden says.

There are several considerations for tech professionals when assessing new roles and first and foremost is “the notion of impact or mission,” Stephenson says. “Individuals are looking to make sure they have a role that is socially responsible and globally responsible.”

While compensation remains important, the industry a company is in has become another consideration, as well as how the role is defined, the reporting structure and career path, he says.

And despite the uncertain economy, technologists, especially those with specialized skills, are still in high demand, and “established industries” are prepared to pay for talent with the skill sets and experience they need, according to Dice’s 2023 Tech Salary Report.

“This contrast between a rapid contraction in big tech and continued digitization initiatives across key industries sets the stage for an incredibly interesting year for tech hiring and retention in 2023,” the report notes.

Traditional companies let technologists be ‘rockstars’

XPO, a large freight transportation provider that handles more than 13 million shipments every year, is moving to the cloud and has a lot of initiatives geared at how to efficiently move freight through its network. All of XPO’s technology is proprietary and built in-house and CIO Jay Silberkleit has hired a lot of developers from Silicon Valley companies.

Jay Silberkleit, CIO, XPO

XPO Logistics

“What we see is if you have fun and interesting problems and a good work culture, that incentivizes the Silicon Valley technologists to want to move into other companies,” he says. “What’s important to them, and really, to all technologists, is they like to see … that the technologies they’re creating are having an impact on the companies they work for.”

Additionally, big tech companies have gotten so large, it’s harder to make an impact, Silberkleit says.

“A lot of people are leaving these companies to go to more traditional companies where they can be rockstars and have a massive impact,” he says. “They want to prove themselves and show that tech can change a company and be a differentiator for them.”

There has been a paradigm shift, and regardless of the business unit, individuals with deep tech savvy are now required throughout organizations, says George Thomas, CIO of JLL, a global commercial real estate firm.  

George Thomas, CIO, JLL 

JLL

Another factor driving “curiosity” from Silicon Valley talent to work in traditional industries like real estate is that “we are increasingly competitive now” from a salary perspective, Thomas says. These tech professionals also have a desire “to balance their career progression with work/life balance … one could argue that’s a challenge” in Silicon Valley, he notes.

Traditional organizations also have large amounts of legacy systems and some technologists want the challenge of being able to modernize them, Thomas points out. “I call it the ‘blue ocean curiosity.’” Candidates he has spoken with also care about diversity and inclusion as well as companies that are committed to reducing their carbon footprints.

Making an impact is very important to modern tech professionals, Thomas says. “I think we’re ready for them.” At the same time, he says the level of interest in working in more traditional companies is “much more than I’ve seen in previous years.”

The lure of applied AI

Across the board, CIOs and other IT leaders are hiring software engineers, machine learning engineers, data scientists, digital project managers, and cloud professionals, and many are, in fact, offering them the opportunity to work on impactful and innovative projects.

At Proctor & Gamble, CIO Vittorio Cretella is focusing on cloud-native development and says IT has deployed about 180 apps from their Kubernetes platform, an increase of 76% in the past few months. Applied AI is another area of growth, and the company’s AI factory is in the process of deploying algorithms “so the teams of machine learning engineers who work on [them] know what they’re building are cutting edge,” Cretella says.

Vittorio Cretella, CIO, Proctor & Gamble

Proctor & Gamble

While he isn’t looking at Silicon Valley technologists exclusively, “it’s a natural component of the talent pool we target,” he says. “We offer them the unique value proposition of working in a digitally-savvy, large CPG company so they can keep working on leading-edge technologies, but also see how their work … produces a positive impact on consumers around the world.”

Another draw is the opportunity to gain experience working in a variety of businesses across a portfolio of 65 brands, Cretella adds.

P&G is applying AI at scale and automating the machine learning deployment process, he says. Product lines include an intelligent toothbrush that interacts with consumers with embedded AI. “These are large-scale applications of AI technology where our employees can see the results of their skills being applied and providing benefits to consumers,” which can be inspiring to technologists, he says.

He believes job stability is another lure. Unlike the peaks and valleys the tech industry has experienced, P&G is committed to hiring for the long haul. “We hire for careers and that’s a time horizon that’s much longer than any economic cycle,” Cretella says. “We hire for the job that needs to be filled today while understanding what skills will fuel the future. Technology underpins everything we do … and we make a commitment with recruits to provide them with a long-term career” as well as job security, flexible work arrangements, and skills development across all brands and geographic locations.

Saving people’s lives

Reducing friction for patients and providers and reducing the burden of disease are two areas of focus for Peter Fleischut, group senior vice president and chief information and transformation officer at NewYork-Presbyterian Hospital. There are also more people using the hospital’s portal than there are doctors using electronic records. That has meant a need to hire a lot of machine learning specialists and web and application developers “who have the ability to do what’s been done in other industries and apply that to healthcare,” Fleischut says.

Peter Fleischut, group SVP and chief information and transformation officer, NewYork-Presbyterian Hospital

NewYork-Presbyterian Hospital

One tech professional he hired away from Silicon Valley started his career as a data scientist and then began medical training to combine the two disciplines, he says. When he talks to candidates, Fleischut says he doesn’t promote IT projects as much as emphasizing a need to change how the organization works and takes care of patients.

“The exciting thing we can offer is we fundamentally save people’s lives every day,” he says. In addition to the opportunity to work at a large health system with hospitals throughout greater metropolitan New York, Fleischut believes there are many people who are driven by “the altruistic nature of our mission,” which the organization “has been pretty direct about.”

Working in a non-toxic environment

Like Silberkleit from XPO, Eli Lilly’s Rau has “made a conscious shift” to bring more tech development in-house, saying it is more costly to hire contractors, projects take longer and “at the end, you don’t retain the knowledge. My view is anything that’s strategically important, that’s something you need to do yourself and don’t give it away.”

Yet, he admits that the company hasn’t done a great job of selling its purpose in its recruiting efforts. Rau attributes that to a deeply ingrained culture that everyone takes for granted.

“Everyone takes a lot of pride in what they do here in the technology world, even if they’re a couple of steps away [from] getting people medicine” that will improve their lives, he explains. “It’s a different sensation from just solving cool problems.”

Beyond that, Rau believes that having a good environment to work in is extremely important. The phrase he heard when he worked in Silicon Valley and continues to frequently hear from friends there, is “toxic work environment,” he says. “It’s almost jarring because I don’t hear it anymore here at Lilly.”

That has caused Silicon Valley to “lose some of its luster,” Rau says. “If you’re a good engineer, why put up with that and be in an environment where you’re seeing bad behaviors from your boss or colleagues? Life’s too short to be in that [environment].”

Rau also speaks from personal experience. When he worked at Apple, “I was averaging one [expletive referring to a contemptible person] per week. … I’ve been here a year and a half, and I haven’t met an [expletive] yet.”

Hiring

Leading a technically complex initiative can feel like you’re climbing Mount Everest. Find out what it’s actually like to scale the world’s tallest peak – and how it really does relate to your digital journey – from extreme adventurer Jamie Clark.

Clark will join prominent IT leaders from around the region at CIO’s FutureIT Dallas conference, taking place March 29 at the Tower Club of Dallas.

Designed for professionals in the Dallas-Fort Worth IT community, the event promises to help attendees master the complexity of digital innovation.

The daylong event kicks off with a workshop on persuasive communication. Led by Larry Bonfante, a senior consultant at Ouellette & Associates and former CIO of the United States Tennis Association, and Dan Roberts, host of the Tech Whispers podcast, the interactive session will coach attendees on gaming out a strategy for success when navigating tough conversations with colleagues, vendors, board members, and other stakeholders.

Forward-thinking businesses are realizing the role of the CIO in using technology to achieve business outcomes – especially in today’s uncertain economic times. Textron Vice President and CIO Kimberly Mackenroth, and Madhuri Andrews, former chief digital and information officer at Jacobs, will offer practical strategies to lead the digital journey and avoid burnout.

Immediately following their discussion, the conversation will open to the audience for a talkback session in which attendees can offer their insights and work through challenges at their organizations.

Another reality redefining the workplace is hybrid work environments. Compucom’s Troy Baldwin, product management director, will share tips for improving employee experience and building “remote right” strategies that connect digital workforces across the world.

Tackling one of today’s hottest IT trends – AI – is Don Goin, executive vice president and CIO of Texas Capital Bank. Goin will discuss how to realize the biggest gains using AI and how to move from pilot programs to true integration.

A common thread through all digital initiative is security. Tony Lauro, director of security technology and strategy at Akamai, will share the latest threat intelligence and how to protect against vulnerabilities introduced by the cloud and a distributed workforce.

Find out what’s next in future of enterprise automation with IDC’s Ritu Jyoti, group vice president of the worldwide artificial intelligence and automation research practice and global AI research lead.

With data and analytics forming the cornerstone of digital innovation, learn how to build a data-driven culture with Tony Caesar, Ericsson’s head of IT, North America, in conversation with U.S. Silica Vice President and CIO Ken Piddington.

Thomas Vick, regional director at the executive recruiting firm Robert Half, will give an overview of the IT executive job market as well as identify the skills that are emerging as must-have among successful candidates.

Throughout the day, attendees will have opportunities to learn about new solutions from technology partners and to network with peers.

There will be lively discussion groups with experts on topics such as zero trust, next-gen cloud strategies, and emerging technologies.

Attendees will also have the chance to participate in a guided networking session as more casual networking breaks. The day will wrap with a networking reception.

Don’t miss out – register now!

Digital Transformation

In an IT marketplace marked by turbulence, inflation, and economic uncertainty, the process of contracting with vendors for technology products and services has gotten significantly more challenging for CIOs.

IT leaders may find that prices are going up without an accompanying increase in benefits, with technology providers — less dependent on any one industry or geography — taking a harder line on deals, says Achint Arora, a partner in the pricing assurance practice at Everest Group.

“Prices are increasing, and negotiation is becoming more difficult,” agrees Melanie Alexander, senior director analyst on Gartner’s sourcing, procurement, and vendor management team. “Vendors are not granting the same concessions they have in the past.”

Evolving regulations related to data privacy, data sovereignty, and responsible AI further complicate matters as customers and vendors work out the responsibility and costs of meeting increasingly stringent requirements.

What’s more, technology contracts are often multilayered. The SaaS provider you’re negotiating with may be constrained by its own deals with IaaS vendors and IT service providers.

“Today’s biggest challenges are complexity and compliance,” says Brad Peterson, a partner in Mayer Brown’s Chicago office and leader of its global technology transactions practice. “There are an increasing range of technologies and providers. Technologies such as AI and processes such as agile make it more difficult to know what commitments to seek. The group of stakeholders keeps growing.” 

Pricing models and metrics can also be complex, making it difficult to understand when additional costs might kick in, Alexander says. Indeed, the arithmetic can be downright opaque.

“Some contracts are structured as a black box with limited view into the components and their commercial impact,” Arora says, adding that buyers with limited access to market data are at a disadvantage when negotiating. “The sell side typically has the information advantage.”

Technology capabilities, often provided by third parties, are intrinsic to business operations and growth, so the deals IT leaders set up with their vendors and service providers are of strategic importance, making effective negotiation a key difference maker not just for IT, but the business.

CIO.com talked to technology transaction experts, who live and breathe contracts and pricing, about the best actions IT leaders can take to negotiate effectively with vendors for the outcomes they seek. Here are their top 10 tips.

Recognize the significance of the contract

The legal agreement between vendor and customer is not just a document standing in the way of getting work started; it sets the tone for the relationships and the expectations for vendor performance. If what you’re looking for isn’t in the contract, it won’t happen.

“The biggest missteps seem to flow from applying approaches that succeed internally across organizations,” says Peterson. “This causes the IT leader to underestimate the role of the contract as the foundation for the relationship and the importance of the supplier’s incentives, culture, and business to the success of the contract.”  

Build in the time for back and forth

Coming to terms takes time that IT leaders should factor into the process and any business expectations for how quickly a deal can be done. “We often see that IT leaders do not allow enough time for a successful negotiation,” says Arora. “Reaching a win-win agreement takes patience from both parties.”

This is particularly important for as-a-service contract renewals. “Neglecting to track contract renewal dates inevitably results in little time to effectively negotiate,” says Alexander. “Proactively manage software maintenance and support renewals, as well as SaaS renewals, and allow enough time to truly evaluate how these deals fit your technology roadmap.”

Seek cross-functional expertise and input

A host of issues can crop up when those who do the negotiating are disconnected from those who operationalize the agreement, says Marc Tanowitz, managing partner in the advisory and transformation practice at West Monroe.

“That causes some friction as the operations that are conceptualized in the agreement don’t necessarily make their way through to the delivery team,” Tanowitz says. “This can ultimately erode confidence and value delivered to the client.”

Before negotiating with any supplier, IT needs to get on the same page with other business leaders regarding core objectives, risk appetite, and standards by which to assess deal terms — before a product or service contract is even on the table.

“IT sourcing is a team sport,” says Peterson. Deals done by business users alone may be technically unsound. Deals done by procurement professionals alone may reduce costs but disappoint users. Deals done by IT departments alone provide leading-edge technology but often at high cost and legal risk. That’s why IT leaders should build an advisory team — or at least get appropriate input — when deciding on key deal points.

Peterson advises creating a team with representation not just from IT, but also users, operations, finance, procurement, and legal. “Get specialists advice early, to avoid costly pitfalls,” Peterson says. “[And] run an informed, efficient, effective process designed to make good decisions while building good relationships.”

Look beyond price

It’s the biggest misstep Tanowitz sees in vendor negotiations? “Over-indexing on price — for example, the perceived lowest cost —rather than value,” he says, adding that IT buyers who work collaboratively with their service providers to structure full solutions that add value to their enterprise end up with greater satisfaction levels in their IT service provider relationships.

IT buyers may think they got a good deal if they get the vendor to come down on price. But that’s almost never the case. In fact, low prices may be a red flag — an indication of hidden costs that will emerge later or under-sizing of the deal by the vendor. “A deal that is priced too low can have greater negative impact than overpaying,” Arora says.

Do your homework

“Consider benchmarks, market norms, and strategy before entering the room for a negotiation,” advises Amy Fong, partner in the sourcing and vendor management group at Everest Group. Price should be part of the pre-negotiation assessment, but not the lead factor.

“Build a holistic service delivery view and consider factors beyond cost such as performance, efficiency, and risk management,” Fong says.

Decide on your negotiation approach

“One of the common complaints is when either party considers the negotiation to be win/lose,” says Arora. “This tends to be driven by a position-based negotiation strategy.”

Taking a unilateral stance to serve your own needs, demanding outcomes, or making ultimatums may simplify the process or speed it up, but it doesn’t foster collaboration. “In fact, it often results in splitting the difference with both parties compromising on benefits,” Arora says.

A more effective approach is interest-based negotiation. “In this framework both parties work to understand the other’s needs, desires, and problems to be solved,” Arora says. “While this extra effort can be difficult to execute – deconstructing and analyzing positions can be complicated and nuanced – the process focuses more on problem solving.”

The result is better value distribution and typically a stronger relationship with the vendor. Seeking mutual gains, agreeing on equitable terms, and executing a balanced contract should be the goal, says Fong.

Look beyond the obvious solutions

IT buyers often end up negotiating a deal as an end unto itself instead of looking more broadly at how to generate business value. For example, they might focus on signing an IaaS deal rather than looking for a reliable platform for running specific software.

Even when negotiation begins in earnest, it pays to set pricing aside at first. “Design the right solution from the business before negotiating the final price,” advises Tanowitz. “Allow the service providers the opportunity to differentiate based on the unique assets or tools or accelerators that they can bring to the operations.”

There may be alternative deal models that make sense. “Buyers should stop running away from more complex commercial models like outcome-based contracts,” says Arora. “Discussing outcome-based contracts with service providers should be a strategic decision, geared toward better business results for both parties.”

Get all-in pricing and press for cost protections

Even as IT leaders take a win-win approach to vendor deal-making, it’s important they protect their interests. That begins with making sure you get “all-in” pricing from vendors to eliminate surprise costs, says Peterson.

Alexander advises pushing for cost protections for deals and renewals. “Some deals that lack such protection have resulted in increases in annual fees between 5% and 20% — sometimes even higher,” Alexander says. “Negotiate caps on renewal increases, reveal and protect against hidden costs, and include flexibility in the pricing model or contract term length.”

Tanowitz also recommends “hard-wiring” any productivity and cost savings improvements in vendor contracts to ensure they are realized.

Take advantage of economic volatility

Macroeconomic dynamics are changing faster than ever and IT leaders should ensure that their deals flex with the times.

“As we move from a hot tech economy to recession, IT leaders have tremendous opportunities to optimize cost through contracting with IT vendors,” says Peterson. “Use an agile approach based on the negotiating leverage you gain in the downturn. Focus negotiating energy to what past downturns have demonstrated are the ‘money points’ in the negotiations while building for the future.”

Have an exit plan

Just like startup founders have a clear exit plan when they launch, so too should CIOs when approaching a vendor contract.

“IT leaders need to have an understanding of what it will take to disentangle themselves from that vendor and, just as importantly, when they can,” says Alexander. “Ensure a smooth transition to another solution by including data extraction and transition assistance in contracts.”

CIO, IT Leadership, Outsourcing