We recently passed the 100-day mark since VMware joined Broadcom. While much work remains, we’ve made substantial progress as we build the world’s leading infrastructure technology company.

In the 18-month process of evaluating and acquiring VMware, we looked at everything to identify what’s needed to create more value for our customers. We’ve acted decisively to increase customer value since we closed the acquisition in late November.

We overhauled our software portfolio, our go-to-market approach and the overall organizational structure. We’ve changed how and through whom we will sell our software. And we’ve completed the software business-model transition that began to accelerate in 2019, from selling perpetual software to subscription licensing only – the industry standard.

Of course, we recognize that this level of change has understandably created some unease among our customers and partners. But all of these moves have been with the goals of innovating faster, meeting our customers’ needs more effectively, and making it easier to do business with us. We also expect these changes to provide greater profitability and improved market opportunities for our partners.

Beyond our commitment to simplification across the organization and portfolio, and to making our products easier to buy, deploy, and use, we’ve committed $1 billion to invest in innovation.

VMware Cloud Foundation – A Platform for Agility, Innovation, and Resiliency

Like Broadcom, VMware has a remarkable history of innovation. Many major brands and Fortune 500 companies run their mission-critical workloads on VMware software. What Broadcom has brought to the table is a renewed sense of focus.

When I spoke to CIOs, CTOs, our partners and influencers over the past 20 months, three themes consistently emerged:

Technology complexity is slowing organizations down, in an era in which speed is critical to win;

There’s a need to simplify IT to support this increased business velocity and provide the flexibility needed to respond quickly to market changes; and

Resilience and security are paramount, along with attracting and retaining developers.

VMware Cloud Foundation, or VCF, is our platform for innovation going forward. It’s the solution that will help us address the business outcomes our customers have expressed to me directly as their most critical priorities.

VCF is a completely modernized platform for cloud infrastructure. It’s fully software-defined compute, networking, storage and management – all in one product with automated and simplified operations. It’s more fully integrated, so our customers can reap the full value from our technology.

With VCF, our customers will achieve a highly efficient cloud operating model that combines public cloud scale and agility with private cloud security and resiliency. And we believe it delivers this at a lower cost of ownership for the average enterprise customer, compared with the ever-increasing cost of a public cloud. To allow more customers to benefit from VCF, we’ve cut the previous subscription list price by half and increased support service levels.

VCF also makes life easier for developers by offering a self-service, private cloud experience, which enables greater productivity.

In short, it allows you to be your own cloud provider.

Three distinct product portfolios add value to our VCF platform and make it competitive with current public cloud offerings: Tanzu accelerates application development, delivery and management of workloads on containers; Application Networking and Security brings distributed firewall and threat intelligence, and load balancing into this infrastructure; and Software-Defined Edge extends the public cloud to the edge.

I’ve recently been on the road meeting with customers to explain our strategy and the virtues of VCF. For more details, including an update on innovations we’re working on and how our pricing strategy will benefit customers and partners, check out this recent post from VMware’s Prashanth Shenoy.

The first 100 days were a strong start for VMware as part of Broadcom. Please stay tuned. There’s much more to come.

About Hock Tan:


Hock Tan is Broadcom President, Chief Executive Officer and Director. He has held this position since March 2006. From September 2005 to January 2008, he served as chairman of the board of Integrated Device Technology. Prior to becoming chairman of IDT, Mr. Tan was the President and Chief Executive Officer of Integrated Circuit Systems from June 1999 to September 2005. Prior to ICS, Mr. Tan was Vice President of Finance with Commodore International from 1992 to 1994, and previously held senior management positions with PepsiCo and General Motors. Mr. Tan served as managing director of Pacven Investment, a venture capital fund in Singapore from 1988 to 1992, and served as managing director for Hume Industries in Malaysia from 1983 to 1988.

Cloud Computing

Public cloud services provider Oracle on Monday said it will launch a new cloud region in Serbia, which will make it the first among rivals including Microsoft, Amazon Web Services (AWS), Google and IBM, to offer a hyperscale data center in the Eastern European country.

The new cloud region, which will serve Southeast Europe, will be located at the Jovanovac village region in the proximity of Serbia’s fourth largest city, Kragujevac, Oracle said in a statement.

The Serbian government has plans to develop Kragujevac into an innovation hub, earmarking nearly 56,000 square meters and €120 million (US$130 million) for the entire effort, which is to be carried out in three phases.

The new region will also support the increasing cloud computing demands of private and public sector organizations throughout Serbia, Oracle said.

Oracle will offer over 100 Oracle Cloud Infrastructure (OCI) services and applications, including Oracle Autonomous Database, MySQL HeatWave Database Service, and Oracle Container Engine for Kubernetes via the upcoming region.

Other Oracle cloud regions in Europe are located in cities including Paris, Marseille, Frankfurt, Milan, Amsterdam, Madrid, Stockholm, Zurich, London, and Newport. Also, the company runs two government cloud regions in the UK.

Most rival hyperscalers have presence in cities such as London, Frankfurt, Paris, Milan, Zurich, Stockholm and Madrid.

Microsoft is planning to open new regions in Vienna, Copenhagen, Helsinki, Athens, Milan, Warsaw,  and Madrid, the company’s website shows.

Oracle continues to invest in cloud regions

Oracle has continued to invest in expanding its cloud region footprint in an effort to compete with rival hyperscalers including AWS, Microsoft and Google Cloud.

In addition to its existing regions in Europe, Oracle has announced intentions to launch two sovereign cloud regions in the region, located in  Germany and Spain.

Last month, the company announced its intent to open a second region in Singapore to meet demand.

Oracle also has plans to invest about $2.4 billion every quarter for the next few quarters on cloud infrastructure, CEO Safra Catz said during an earnings call for the quarter that ended in November.

In December last year, the company launched a public cloud region in Chicago, its fourth in the US after Virginia, California, and Arizona.

Cloud Computing

The energy sector is in a consistent state of transformation—both digital and otherwise—but the word “transformation” can be thrown around loosely, as if it just happens with an organization. In reality, it’s hard work, and hard to do. Change is challenging, and maintaining high-performance and diverse teams is fundamental to deliver success.

“A main thing organizations face is the position of technology within it, and how well respected or well thought of your technology team is,” says Mandy Simpson, chief digital officer at fuel retailer Z Energy, New Zealand. “Until you’ve built trust into this team, and it’s well thought of to do what it says it’s going to do, it’s hard to make significant change. My starting point in every organization I’ve worked for is how to become a trusted partner. Once you’re there, everything gets easier, so your expertise starts to be seen as something to be trusted to move the organization forward. You have to build that a little piece at a time by doing what you say you’re going to do over weeks, months, and years.”

Attracting that integral workforce, however, is a challenge in itself. Drawing more people to IT and tech roles, regardless of background, requires shattering the stereotypes of the industry and the perception of how narrow the search criteria for talent is.

“We have to showcase the diversity of roles,” says Simpson. “Within my area, we have everything from developers, testers, and integration, but also through BA Scrum Masters, there’s product management, design, and data analytics, all set within our digital team. There’s something for everyone, and showcasing that is really important.”

Of course, being in a position on the leadership team affords Simpson the position to hear everything going on, and thereby have an opinion or offer input.

“I don’t just sit in the leadership team and talk about technology,” she says. “I make it my job to understand all the things that are going on. This is my first role in the energy sector, so there was a steep learning curve as I tried to understand everything from fuel supply through to the customer-facing parts of our business. There are heaps I don’t yet fully understand, but that’s part of it. You can’t influence if you don’t understand the business you’re trying to influence.”

For Simpson, the bottom line is get the widest experience you can because the role of a CDO, CTO, or CIO, is, at its heart, a dynamic leadership role.

“I think people worry that if they step outside their technical role, it’s hard to get back in,” she says. “If somebody offers you an opportunity to do something different, do it because those experiences are what, in the end, give you this kind of wider view of the world. Go for the roles that scare you. That’s when you learn the most.”

CIO Leadership Live New Zealand’s O’Sullivan recently spoke with Simpson about embracing change, achieving a transformation end point, and what it takes to be a forward-thinking, modern-day CIO. Watch the full video below for more insights.

On high-change organizations: One thing that’s been the same in every organization I’ve worked for is they’ve been high-change organizations. Either ones that are going through sector-wide transformation like Z is now, or high-growth organizations. Transformation has been really important in all of those. And one thing I love about that is it means you can really bring your experience into the role and look for ways to improve things relatively quickly. Areas of high change are something that definitely suit me. They don’t suit everybody. And I think there are leaders who have a preference for being involved in organizations that are maybe a bit more steady-state, but I am definitely a bit of a change junkie.

On the transformation trajectory: We might feel like there’s a starting point to transformation, but in fact it’s been an ever-transforming landscape. If you work in technology, you’ve been in change forever. The technology itself is changing, but also how we use technology in businesses and how we think about it has changed a lot in the past decade. I don’t think there’s ever exactly a starting point. The most important thing is to start where you are, not wish for something different or wish to go backward, but just to start with what you have. Then take that as the playing field to play from. I often find people get stuck when they wish they had more people, more money, or that senior leadership would listen to them. You just have to use the playing field you have. In lots of other areas of our lives, we don’t take that approach. It’s much easier if you can just accept what you have and move forward from there.

On what transformation is: My view on transformation—digital transformation, in particular—is we’re moving toward an endpoint. Lots of people will say it’s ever-changing, and I agree that, from a technology point, it is. But to me, the endpoint is an agile organization, and I don’t mean agile as in the way we think about doing work, but a nimble organization. If you can transform your organization to the point where it’s able to rapidly respond to whatever happens, then that’s the transformation. So, is there an endpoint to that? There are always tweaks along the way, but you can see organizations move from being static to being able to deal with whatever comes at them. That’s relevant to us at Z, because you could say, “In 40 years’ time, there’s no future in hydrocarbons.” That might happen in 10 years or 100 years. I have no idea which of those is true, and I have to be ready for all of them. We also don’t know what the replacements are going to be. Are we looking at electricity, hydrogen? What’s the role of biofuels here? All of those things are rapidly changing. The Prime Minister actually just announced that the biofuels mandate is now going to be cancelled, so how do we respond to that? Does that actually change what we’re going to do? As an organization—not just the technology part but the whole organization—we need to be able to move forward quickly. That, to me, is the goal of transformation: To move your culture of your organization forward. The technology parts in transformation are just ongoing along the way.

On being a modern-day CIO: The biggest thing is being a wider leader. Leading an organization, not a technology function, I very much see my role and all of the Z leadership roles. I don’t just lead the technology function of Z; I, along with my colleagues, lead Z. That ability to step up and out, and see the wider picture is really important. Communication skills and translating technology to the strategic objectives of the business and back, and making that connection, is incredibly important to help every level of the organization prioritize. I’m not sure there was ever a time we had enough resources to do everything we wanted to do, but that feels more acute now than it has done in the past. That makes a strong approach to prioritize what needs doing, and ensure it’s fully agreed across a whole organization. If anybody ever finds the perfect way to do that, I would love to know. I spent a lot of time thinking about that process. And we have a strong delineation between prioritization, which is done by our business leaders, and then planning, which is done by the technology team and various team members of the areas they plan for. That’s taken a long time to bed in, but it’s running nicely now, which means I can spend more of my time focusing on prioritization, knowing that the organization will plan to the prioritization list we’ve given.

On nurturing talent: We have people who spend two or three years at Z, but we also have people who have been here for over 35 years. It’s a culture where you can move around and get some entirely different parts to your career. One thing Z does, which is different to anything I’ve seen before, is recognize that every person is a leader. We talk about what leadership attributes you should have at every stage of your career, and I think that makes career transitions easier. It’s not like you suddenly become a leader partway through. We talk about leadership from day one. Then it’s helping people to think about their career, not necessarily in terms of the roles they want to have, but what they want to do. Helping people understand themselves is something we spend a lot of time thinking about.

Chief Digital Officer, Digital Transformation, Diversity and Inclusion, Energy Industry, IT Leadership

By virtue of their position between IT and effecting business strategy, CIOs can identify what processes their organizations need in order to modernize and automate. When it comes to updating core systems to drive operational efficiencies, they also have to ensure that a sound business case exists to automate them, says Laurie Shotton, VP and analyst at Gartner. That’s not surprising since CIOs typically own IT automation, as well as help drive business automation. But it’s not always a given the two aren’t working at cross purposes.

“For the last 15 to 20 years, organizations have been trying to modernize core systems in order to drive operational efficiencies,” he says. “And quite often, the business case for replacing them doesn’t stack up.”

Automation, the business, and the CIO

Since automation can help improve KPIs and create new channels to help improve end-user experience, it’s one of the primary tools in a CIO’s toolkit to drive the business forward, says Brian Woodring, CIO at Rocket Mortgage. “The biggest challenge is making sure that by automating the business, you’re not just taking a legacy, highly bureaucratic manual process and putting RPA in front of it,” he says. “You may get some short-term wins, but you’re unlikely to deliver durable value. One of the biggest things I’ve learned is you can’t do automation to the business; you have to do it with the business.”

As an example, the technology organization of the pharmaceutical segment at Cardinal Health collaborates closely with business leaders so they can identify current pain points and determine the right processes to automate, focusing on how these tools will improve the customer or employee experiences, says CIO Greg Boggs.

“Our technology organization collaborates closely with business leaders so we can identify current pain points and determine the right processes to automate, focusing on how these tools will improve our customer or employee experiences,” he says. “In general, it’s been straight forward to quantify the business impact of automation initiatives, given they typically have clear before and after business metrics. We’ve matured our practice around automation and built architecture that’s enabled us to be nimble, innovative, and able to pivot quickly in a dynamic, global healthcare environment.”

The challenge of the CIO’s job at a financial institution, however, is to eliminate waste by redefining the entire business process while delighting the client and simultaneously maintaining compliance, says Woodring.

Additionally, businesses that combine automation with AI will be able to make faster decisions, optimize business processes, and drive higher rates of efficiencies, says Subramani Elumalai, VP of application management services delivery at Capgemini.

Other CIOs concur that the business is the central consideration for automation efforts.

At Northwestern Mutual, for instance, the company’s mission — to free Americans from financial anxiety — drives everything it does to inform its business priorities, says Jeff Sippel, CIO and EVP.

From a practical level, the organization is consistently looking to apply automation solutions where they can have meaningful impact. The company measures the success of these efforts by business outcomes, not the success of the automation itself, he adds.

Automation as enabler

Automation and business goals also go hand in hand for Vaibhav Tandon, head of commercial management, Adani Electricity Mumbai Ltd.

Automation acts as an enabler to identify specific processes and achieve business requirements, he says. Customer centricity is also crucial to the power company’s business goals, and automation initiatives ensure it enhances the system’s productivity effectiveness. “It’s become one of the key levers in the client experience, and it plays different roles throughout the lifecycle of that change,” says Sippel.

For the CIO, this requires a broader and longer-term perspective while simultaneously keeping the lights on and innovating to create the best client experience.

“We’re essentially rebuilding the city while we’re living in it, so the CIO is constantly weighing both the strategic and tactical considerations: what are the right tools, and how do we bring them together at the right time and place,” he says.

Jamie Smith says his job as CIO at the University of Phoenix is to evangelize the opportunities for applying automation across all the university’s activities. His perspective is that automation augments human tasks so the university can do more for its students.

The university currently employs a variety of automations including RPA to automate recurring human tasks for efficiency, ML-based automated nudges to facilitate student progression and attendance, and an automated virtual assistant (Phoebe) to broaden the support window for working adult students when they need assistance.

Priorities for CIOs

Automating complex workflows will remain a CIO priority, says Petr Baudis, CTO and chief AI architect at London-based Rossum. The key will be getting such projects to scale beyond departmental silos. A catalyst to make this happen will be the ongoing improvements in AI-enabled data capture.

Fast and accurate data extraction will speed up transactions and automation capabilities, and be the foundational technology within any business intelligence or data analytics platform, enabling better collaboration and B2B communications, he says.

“The types of automation technology we see being vital include RPA along with process and task mining,” says Baudis. “We’re seeing a convergence taking place between all these technologies as enterprises try and scale their automation projects.”

Plus, Adani Electricity this year is continuing with advancements in the areas of distribution management, customer experience, the metering ecosystem, and consumer data analytics, says Tandon.

“We’ve implemented SAS’ AI/ML-based energy forecasting solution to improve our forecasting performance,” he says. “This has helped us achieve a forecast accuracy of around 97%, thereby allowing us to optimize power procurement costs while providing reliable electricity supply to our 2.5 million consumers. We’ll also continue with advancements in distribution management, the metering ecosystem, and consumer data analytics.”

The power company’s flagship automation projects include implementing an advanced distribution management system to create a self-healing grid infrastructure with enhanced visibility and scalability to improve the customer experience. They’re also implementing a cloud-based data lake and analytics solution that will provide what Tandon calls a single source of truth, and drive self-service analytics and data-backed decision-making to help them operate more efficiently.

“Estimated readings for our customers stood at 2.2% three years back, but now we’ve brought them down to 0.3%,” he says. “The whole mechanism was automated so all readings were optically downloaded without any manual intervention. This initiative not only ensured our system accuracy and return of equity (RoE) incentive, but also improved transparency and reduced consumer complaints.”

And at the pharmaceutical segment at Cardinal Health, a main goal is to also boost its efforts in warehouse automation to better serve its customers, Boggs says.

“In IT, we’ll continue to prioritize infrastructure as code, continuous integration and deployment, and AI operations,” he says.

The University of Phoenix has some new automation projects on tap as well. Currently, the institution is developing an enterprise platform that will enable the increased use of ML and automation across a wide range of student and staff journeys, Smith says.

“This engine will be deeply integrated into our data lake to enable truly individualized student support at the right time, through the best channel,” he adds.

The university also plans to continue improving student support by continuing to automate increasingly complex tasks in matriculation, transcript processing, and student financial aid.

“Recent advances in the ability to consume unstructured documents and natural language processing are enabling a whole new crop of complex tasks to become candidates for automation,” says Smith.

His team is creating platforms and systems by which they can effectively scale and govern automation safely and reliably. After all, he says, there’s nothing less effective than automating a process that shouldn’t exist. Automation combined with AI should significantly help businesses make faster decisions, optimize business processes, and drive higher rates of efficiencies, says Elumalai. “It has the potential to improve business KPIs through auto-detect, auto-heal solutions, and create new channels to improve end-user experience,” he says.

Artificial Intelligence, Business IT Alignment, CIO, Data Management, IT Leadership, IT Operations, IT Strategy, Machine Learning

Beyond one’s own personal relationships, opinions on how others conduct theirs are usually none of anyone’s business. But when it comes to actual business, George Al Koura, CISO of online dating company Ruby Life, has built a career on how long-term success depends on building team cohesion within the organization, and elevating the relationship with partners outside it.

“We’re effectively a software company, but we have to humanize one another,” he says. “When we look at today’s hot resource market, competing for talent on traditional lines has been a bit of an archaic and sometimes toxic game where personnel leave organizations within months of joining due to offers of substantially greater compensation or benefits. This situation isn’t strategically feasible at the industry level.”

Also unsustainable are interactions with vendors that are only there to make their quarterly quota and no sense of loyalty. “That’s not the best way of doing business nor the best career fostering real improvement opportunities,” he says.

Turning a vendor into a partner, he says, takes an understanding of business outcomes and anticipating change in the sector that need a pivot or reaction, and then help you understand that. “There’s still work to do in that area of collaboration but there are positive signs,” he says.

For Al Koura, it’s a constant learning process inherent to a leadership journey that was never straightforward or predetermined from the start, with a non-traditional path to entry for a tech career.

“I actually don’t have a formal STEM education,” he says. “I studied political science psychology at military college and served in the Army regular forces until about 2016. I had a technical job as a communications research operator, but after a while, I wanted a new challenge. I started a couple of businesses but ultimately nothing stuck. Yet there’s something to be said about failing fast and failing often. Looking back at those times, I was learning a lot of great lessons that would serve me later in life. But those lessons were definitely learned the hard way.”

CIO Leadership Live’s Rennick recently spoke with Al Koura about the importance of collaboration with colleagues and forging reliable, long-lasting relationships with business partners. Watch the full video below for more insights.

On learning on the job: I was a junior analyst doing shift work at a 24/7 global operation. While I enjoyed my time in software, I knew I was capable of more. So I spent a bunch of my overnight shifts reviewing all the SLAs for the company’s entire 80 plus clients to understand the business of cyber and what the organization actually did. In doing so, I found they sold some managed threat intelligence services that we weren’t delivering on. It was a light-bulb moment and I realized I had an opportunity to build those services and advance my career further. At the time, one of my VPs was John Proctor, who’s now CEO of Martello Technologies. He and I go back over 10 years serving in the Army together, and he was a bit of a trade mentor for me then. We always had a good relationship and I told him about what I saw and he gave me an opportunity to build that capability out. What’s interesting is I had no formal education or training on threat intelligence, and I was learning security operations in the cyber role on the fly at the time. So my version of a CTI service was built around something different from anything else you’d find in the market because I was leaning on a decade of military intelligence training and converting that knowledge into customer value within a CTI context. The success of that service company was promoted out of the SOC and into a senior consultant role where I had my first commercial team. A lot of good and bad times in those days, but most importantly I was learning and getting better every day.

On the CISO-CIO relationship: At both my current and previous employer, I had the privilege of working with two outstanding CIOs. Our infrastructure was handled by IT veteran Tim Farrington, who’s been doing this for over 20 years in SMEs throughout Ontario. He was very resourceful and organized in his approach to infrastructure management. Together we got the organization ISO 27001 certified, which took about two years. So a lot of important leadership lessons were learned through that process. Now I work with our current CIO, Srdjan Milutinovic, who’s also very highly experienced. He’s been an empowering mentor and believes in hiring the right people in the right roles and letting them drive what needs to happen in their respective areas. He’s personally driven the transition of our entire company into an agile and safe methodology of software development, meaning he understands and expects empathetic, results-driven leadership out of all his respective department heads. I consider him a mentor and I enjoy the opportunity to soak up as much knowledge and trade experience I can with him. And if I look at the qualities and people he’s brought in, you can see the sense of loyalty and respect he commands. That’s what you’re looking for in a CIO.

On collaboration: I can’t get too deep into our own tech stuff specifically, but an example of a great collaborative partner or vendor partner I have is my relationship with Record Future. They have the best CTI platform, but they also have talented account and technical support. I’ve worked with them and their platform across every one of my employers throughout my entire InfoSec career. A lot of vendor relationships are very transactional and I find that’s not very genuine in terms of the care they give you. But my discussions with RF are never driven around whatever new widget or service they’re pushing. Rather, they continually assess where they can provide additional value to the state of my operations by having sales growth and development conversations focused on improving our current level of maturity. It’s a committed collaboration partner with a stake in seeing us succeed, and not simply in making their quarterly quotas. And I think that’s what it takes.

On team building: My approach has been to lean on my network, to scout, develop and capture talent by creating my own social pipeline. When someone is in school or a new grad or mid-career, the key thing I focus on is building genuine relationships with them. That investment in time, effort and care is the differentiating factor that makes them want to work with me, even if I can’t pay the same as a Silicon Valley company. In a market where employers and employees are all playing the numbers game against one another to untenable levels, the focus should be on real human relationships and looking at employment as a vehicle to a better quality of life for your people. That’s what makes it worth the time to actually pursue and fill that new head count with that individual. Once you build a pool of known, hopefully trusted talent already waiting for the opportunity to work directly with you, it’s just a matter of making sure the opportunity is right for them and working together to achieve that.

C-Suite, CIO, IT Leadership, Relationship Building, Vendor Management

This article was co-authored by Katherine Kennedy, an Associate at Metis Strategy.

For years, ESG has been little more than a sub-bullet or appendix slide in most CIOs’ strategy decks. But changing consumer sensibilities and heightened investor scrutiny have swept ESG, and technology’s role in it, to the top of the agenda. Corporate strategies hinge on it.

ESG is new territory for many technology leaders and getting up to speed quickly is essential. In a recent survey conducted by Lenovo, 45% of respondents said the CIO should play a critical role in executing the enterprise’s ESG mission. While the scope of ESG is of course much broader than environmental sustainability, the need for speed here is particularly heightened as the SEC moves to enact rules that will require publicly traded companies to disclose their emissions data as early as 2024. For many CIOs today, the first question often is: Where do I start?

Nick Colisto, SVP & CIO, Avery Dennison

Avery Dennison

Nick Colisto, SVP & CIO of Avery Dennison Corporation, has some ideas. ESG has been a priority for him since he joined the company, which designs and manufactures a variety of labeling and functional materials, like tapes and bonding solutions. Over the past several years alone, his team launched a web application that powers AD Circular, a program for recycling used paper and filmic label liners. The team also developed an enterprise-wide system for tracking ESG metrics, like Scope 1 and 2 GHG emissions. Insights from that system are highlighted regularly in the company’s sustainability reports.

Below, Nick suggests a few areas CIOs can start on the journey to creating a proactive ESG agenda that anticipates compliance requirements:

Dedicate a sustainability leader to the CIO organization

A dedicated sustainability expert focused on how data can drive the enterprise agenda while satisfying relevant ESG policies and guidelines is essential, Nick says. “Data is essential to a modern ESG strategy, and you won’t make strides of any respectable length if you’re constantly fighting for the time of the company’s shared ESG resource.”

If your search comes down to hiring someone with ESG policy knowledge versus technical expertise, prioritize the former, Nick says. That way, the person can narrow the scope of ESG use cases to those that will drive the most meaningful results before involving the technical talent responsible for delivery.

Of course, finding the right person is only half the battle. CIOs must set sustainability leads up for success. That means giving them visibility and access. Nick’s leader sits on Avery Dennison’s sustainability council, where he has visibility into the enterprise ESG agenda. He also has a mandate to engage business leaders to collect requirements for any initiative the council pursues, which he then translates into technical specifications and tracks from start to finish.

Focus on data governance

Data governance is vital to ESG initiatives. At minimum, it will form the backbone of your ESG reports, which will command much of your focus at the start of your ESG journey. In addition to ensuring compliance, data will also inform which goals your organization pursues and how it tracks them. Thus, the quality of your data must be exemplary.

Securing that high-quality data, Nick says, starts with establishing a single source of truth. This has been on many a CIO’s docket for a while, but the work often is not prioritized because the value of the data was relatively low, used mostly for historical reporting to support brand positioning and annual sustainability reports. “As investors demand increasingly detailed data to assess climate-related risk, data quality is critical,” Nick says.  “Disparate data will not work for ESG as it’s too difficult to analyze and report on. Also, consolidated ESG data has increased operational and strategic value.”

Once a single source of truth has been established, it must be maintained with robust data governance and management policies. These policies will become especially critical once the scope of regulatory reporting expands to include Scope 3 emissions, those a company generates indirectly, through its supply chain, products, and partners, which are particularly hard to track, says Nick.

Drive accessibility and transparency

Once a lead has been established and a clear governance process put in place, the next step is to make your data accessible and transparent. That means making sure anyone who needs the data can get their hands on it and, once they do, easily understand it. That task is harder than it sounds, but it’s worth your while. ESG programs are unlikely to gain momentum if every routine compliance report requires employees to endure a scavenger hunt for the necessary data. More importantly, people are less likely to invest themselves in a cause that is opaque or poorly understood. Knowing your ESG goals, who they involve, what data they rely on, and what activities will move the needle will make your employees feel they are part of the process. Our team sees four key ways to do this:

Publish a dashboard of the ESG metrics your organization values most: It might include metrics such as carbon offset, DEI ratings, or aggregate scores published by a third-party ESG rating provider. To drive adoption, involve leaders from various departments early in the dashboard design process.Contextualize ESG data and share it with the enterprise: ESG metrics are frequently affected by operational decisions. Yet, the people making those decisions often lack the skills to analyze and interpret ESG data effectively. Provide employees access to low/no-code analytics tools such as PowerBI and Tableau to help them understand their impact on each metric.Incentivize teams to make ESG-smart decisions: Moving the needle on ESG goals requires leaders and their teams to change the way they work. To do that, they need a reason. Give leaders incentives to get smart on the company’s ESG vision, the core metrics, and the role each team plays in realizing the future. For instance, Bank of America’s My Environment® employee program offers, among many incentives, to reimburse a portion of the cost of an employee’s electric vehicle or charger.

The principles above, when applied in earnest, can do much more for companies than simply earn them a sticker for compliance. Nick’s focus on ESG at Avery Dennison demonstrates the central role CIOs can play in asserting IT’s role not only as a service provider, but also an active contributor to an organization’s ESG mission and, ultimately, its growth.

CIO, Green IT, IT Strategy

“As a first-time CIO, there are things you’ve never done before, and conversations you’ve never had before, at this level, in this role,” recounts Sarah Cockrill, who is one year into the director of digital strategy and information technology position at Canterbury University, in Kent, England.

“You almost don’t want to say to your boss, ‘I don’t know how to do this’, because you’ve just had an interview where you’ve taught them how amazing you are, and how you can do the job.”

Cockrill’s story is a familiar tale for first-time CIOs burgeoning with experience and ideas, but are still learning the ropes in an unfamiliar role.

The changing CIO role means new skills are required

Technology leaders today are expected to be business leaders first and IT leaders second, articulating what technology can do for the organization top-down and bottom-up.

And yet, despite past proclamations of IT being confined to a back-office order-taker, some suggest this is how it should have always been; William Synnott and William Gruber first coined the chief information officer term in their 1981book, Information Resource Management: Opportunities and Strategies for the 1980s, arguing at the time that IT was strategic, not simply a means to reduce costs, and that employing a C-level technology executive could offer a competitive advantage.

With IT arguably more influential and less of a commodity than at any point over the last 20 years, Sainsbury’s Group CIO Phil Jordan believes incoming CIOs need to be business-savvy influencers, capable of leading teams and demystifying technology rather than the technical project managers of the past.

“I would put more emphasis in business acumen, commercial understanding, data analytics…and understanding how the business is going to be changed by technology…than I would on the skill set when I started, which was about supplier management, project management…and technical delivery history,” says Jordan.

Dominic Howson, CIO at waste management firm Viridor and Next CIO UK judge, sees today’s CIO as needing to be a ‘souped-up’ business analyst, understanding business processes, knowing how technology can impact different business functions, and having a degree of financial nous.

“Ten years ago, the CIO was the back-office guy or girl who kept the lights on and worried about backups, availability and capacity,” says Howson. “Now it’s the role of business leader [who is] front and centre of the company’s strategy.”

Yet there’s an understanding, too, that the CIO should be a people leader, first and foremost. Natalie Whittlesey, director at recruitment firm Investigo, says recruiters want to see strong communication and people skills.

“They often spend as much time talking about personality traits as experience requirements,” she says of clients, adding having the ability to influence, having a low-ego, being collaborative, and able to inspire people and take them on a journey.

“Good EQ and personal traits are incredibly important, but they’re also the most difficult to nurture as people often have traits that remain relatively static over time. So the ability to self-reflect, seek feedback and self-develop is also valuable,” she adds.

Whittlesey also says that the COVID-19 pandemic, which led many leaders including Microsoft CEO Satya Nadella to say that digital transformation initiatives were accelerated from years to months, pushed CIOs to be more product and customer focused.

“I spoke with a CEO last week who lost 70% of his business revenue within weeks, as the vast majority of his field workforce were confined to [working from] home,” says Whittlesey. “He couldn’t rely on other regions to make up the numbers, as they were impacted too. This required quick thinking by his leadership team to limit losses. It also resulted in a rapid shift towards escalating digital revenues.”

There’s no rule to CIO experience

A 2021 Hays report found that most CIOs surveyed held 15 to 20 years of experience in a related field before becoming a CIO, and about a quarter reported having 10 to 15 years before making the same leap.

“I had 17 years of experience before I undertook my first CIO role, but it’s dependent on the individual and the organization,” says Stantec group IT director Dave Roberts. “Not all CIO roles are equal, and it’s important to differentiate between what would have been called an IT or software development manager, or being called a CIO or a CTO in smaller organizations.”

Whittlesey believes recruiters and hiring managers are now more interested in experience over the last five years rather than the last 15 to 20, owing to more diverse career pathways and the continued pace of change in the technology market.

“If a client requests more than 10 years of senior experience, I tend to challenge them,” she says. “Many people—particularly women—move into IT via a sideways step. They might get involved with a technology project or program, get spotted by the CIO, CTO, CDIO and get encouraged to apply for a technology role, for example.

“This might mean they had five to 10 years in HR, operations or marketing before moving across to IT, where they thrive and get promoted quickly.”

Whittlesey admits that experience can give business leaders a sense of security, as proven CIOs will have the battle scars to handle any number of situations, but ultimately recommends leaving the issue of experience with the hiring manager.

How to prepare for a first-time CIO role

Preparing for the CIO role can take many forms, from volunteering for initiatives outside IT and developing through secondments, to taking on non-executive director (NED) positions.

Viridor’s Howson recommends getting outside your organization—and outside your comfort zone—to build a strong breadth of understanding.

“Go to customer-led vendor presentations,” he says. “Understand how other businesses utilise technology. Work outside of IT, in the business on a secondment. While in IT, get experience in every part of the function: service, infrastructure, development, support, architecture.”

Cockrill believes her time working as a business analyst was beneficial, as she got visibility of projects being delivered into HR, finance and other departments. Speaking of her own ascent into the CIO position, she says she had two streams of a working plan.

“One was making sure I took any opportunity in the workplace I could to broaden my skills,” she says, adding she would often volunteer for opportunities with her director while looking externally.

“The other was I started a school governor, then I did chair of resources. That gave me some of the leadership experience that I wasn’t able to get at work. Working with the BCS, or doing speaking events…all added to my knowledge and helped me create that rounded CV that I could say I’m ready. If you’re being interviewed for a CIO, and all you know is your technology…and you can’t talk about it in that bigger picture, there’s a gap.”

Whittlesey argues that clients are less interested in degrees or MBAs these days, even if Roberts says the latter can teach would-be leaders wider business principles and leadership skills. Instead, she says, hiring managers want to see evidence of credibility and commercial understanding; an ability to speak the language of the business, a willingness to change, evidence of personal growth, and proof of delivering technology programs across business.

Then there’s the small issue of visibility in order to get that elusive opportunity.

“Make sure you’re in people’s line of sight,” says Howson. “Think about your profile. How can you get more exposure to the decision makers. Find a way of being part of the bigger conversations. And think about your personal brand in all meetings and interactions.”

Overcoming imposter syndrome and the first 90 days as CIO

Despite the seniority of the CIO role, those who occupy it can still suffer from imposter syndrome and a lack of confidence. In particular, new CIOs may wrestle with that nagging question: Am I good enough?

“Many people talk about imposter syndrome, but it’s only through experience that you gain the necessary skills to be an effective leader,” says Stantec’s Roberts, a judge on Next CIO UK.

“Imposter syndrome can also be an issue when someone looks to break out of a particular industry and start a leadership role in a different type of organization,” he says. “It’s the fear of the unknown that will sometimes hold people back. Embrace new challenges. They’ll always provide a valuable lesson and the experience will help you improve and develop.”

Whittlesey adds: “Try to find reasons to rule yourself into an opportunity instead of ruling yourself out. It doesn’t matter if you don’t succeed. It’s better to be in with a chance than not to apply at all.”

Once in role, new CIOs must think of how they approach those first 90 days. Howson, Whittlesey, Roberts and Cockrill recommend learning about the business, its objectives and the strengths and weaknesses of your team, as well as developing internal relationships and benchmarking your position to gauge future progress.

Howson says CIOs should discover what the business thinks of IT, align their department’s objectives to those of the business, and discover shadow IT and tech spend not accounted for in the budget. He also calls for CIOs to understand their contractual positions, and ‘kick the tires’ on everything from compliance to cybersecurity, and find out where the quick wins are to gain early kudos.

The new CIO should also build networks internally and externally to stave off loneliness, says Cockrill, who says you can’t have the same relationship with team members as you would with peers, and that CIOs are naturally segregated from other senior leaders in HR, estates and finance. “Be bold and don’t be afraid of failure,” says Howson. “If you’re in a position to make the jump, the chances are you know your stuff.”

Careers, CIO

Your challenge: managing millions of dynamic, distributed, and diverse IT assets. 

With globally distributed workforces and assets hiding in the shadows growing exponentially, maintaining a complete and accurate inventory of every IT asset and achieving real-time visibility at scale is more challenging than ever before. After all, to keep our doors and windows locked, we need to know how many there are and where they are at. 

Yet the industry has failed to deliver a viable solution to the visibility problem, offering hub-and-spoke models, slow and saturate networks, that instead limit visibility in modern and complex environments.  

It’s no wonder many organizations can’t accurately report essential details about their environment. Solving this problem requires you to get back to basics.

To preserve and improve cyber hygiene, you first need to know what IT assets you have. Do you have 50,000, 100,000 or 500,000 computers and servers in your organization? Where are they? What are they? What’s running on them? What services do they provide? 

Answering those questions is what developing asset visibility—and following an asset discovery and inventory process—is all about. It’s the foundation for creating and maintaining cyber hygiene.

Why cyber hygiene depends on asset visibility

To manage your endpoints, you need three levels of knowledge:

What assets do you have, and where are they?
What software is running on them, and are they licensed? You need more than a hostname or an IP address.
How do the machines on your network relate to one another, and what is their purpose? In the world of servers, for example, you may have a group of servers that exist solely to host a service, like a company website.

All companies need this information, which in modern IT changes constantly. Network assets come and go, especially with bring-your-own-device (BYOD) policies and more companies encouraging employees to work from home (WFH).

And as networks become more complex and change faster, it becomes harder to maintain visibility into them. The consequences of losing sight of what assets there are and what those assets are doing become greater and greater. 

Why organizations struggle to create asset visibility

There are two primary reasons why organizations struggle to answer basic questions about their assets to maintain cyber hygiene.

1. Endpoint discovery has become a constantly moving target. 

Not every endpoint on a network is a desktop computer, laptop, or server. There are printers, phones, tablets, and a growing number of consumer and industrial internet of things (IoT) devices. Mobile device management (MDM) is a growing application field. 

But why should you have to worry about a consumer IoT device compromising the corporate network? Consider an employee working from home and the company’s security team is receiving alerts that someone is trying to break into her laptop. The source is a refrigerator with malware scanning her home network and trying to get into her device, which was temporarily on the corporate network. The same thing could occur with a smart light switch, thermostat, security camera—you name it.

Every device type can create operational and/or security risks, and the number of these types will only continue to increase in the coming years. 

2. Legacy tools struggle to create visibility in this new environment. 

Asset discovery tools built 10 years ago preceded many of the things modern IT environments operate with daily. Two examples: containers and hybrid clouds. 

These tools can’t handle the rate of change we see now. Yet organizations often remain attached to the tools they’re comfortable with, many of which are not easy to use. They may take pride in mastering hard-to-use tools. Maybe they wrote custom scripts to make them work more effectively. 

The unintended—and unfortunate—consequences of that are IT policies and processes crafted not because they’re the best way to address an issue, but because they fit the capabilities of the tools in use. It’s the IT version of “if you have a hammer, everything must be a nail”, with the policies being “we must nail things.” Entrenched tools become part of the IT ecosystem. But the best IT policies should be tool-agnostic. A tool built in 1993 or 2010 can’t offer that flexibility.

Next step: zero trust

Cyber hygiene is just the first step toward creating a more secure organization. The right asset visibility capability will also lay the foundation for nearly any zero-trust strategy or solution you choose to bring to life. 

When everything is a network device, everything is a potential security vulnerability. You need policies and procedures that break endpoints into three categories: managed, unmanaged, and unmanageable. 

Endpoint discovery is the first crucial step in the trend toward zero-trust solutions. CSO Online describes zero trust as “a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.”

Threat response and remediation tools are only as good as the breadth of endpoints they’re running on. And with the endpoint acting as the new perimeter, endpoint discovery really is where cyber hygiene and security begin. Implementing a zero-trust practice thus becomes the next meaningful step on that journey.

Learn how to migrate to a zero-trust architecture with real-time visibility and control of your endpoints here.