CIO Solutions Gallery: How Can We Enable Culture Change?

Whether the topic is modernizing health care, attracting retaining the right talent, the role(s) of the Chief Data Officer (or the new Chief Digital Officer), the value of big data or even securing enterprises from insider threats, the answer entails culture change. So how do we begin?

by / September 7, 2014

CIO Solutions Gallery

CIO Solutions Gallery - The Ohio State University’s Fisher College of Business, photo credit: Dan Lohrmann

This past week, I had the opportunity to interact with CxOs from the public and private sector on a wide variety of cutting-edge issues affecting many diverse industries. The CIO Solutions Gallery “is a nationally recognized program, intended for primary executives and senior leaders in the technology and operations communities, is unmatched. Uniquely organized around peer learning, audience and content are both carefully ‘curated’ to ensure a unique, content-rich, and thought-provoking exchange that is well-respected in the senior leader community.” 

During the invitation-only sessions on Weds night and Thursday at The Ohio State University’s Fisher College of Business, the schedule was packed with influential speakers from all over the country. Thornton May, who is an internationally-known IT Futurist and the funniest person I know, led the event. Best of all, there was plenty of time to network and participate in group discussions with senior IT leaders from across the Midwest.

Thornton described the goal of the event as bringing together: “Interesting people, on interesting topics, with compelling stories and provocative viewpoints…. I think CIOs are today’s heroes. You are the doers. You connect the dots and make things happen. You get things done and deliver results!”

One common theme that ran throughout each presentation was the vital role of IT leadership in changing the company culture to achieve positive outcomes. We are faced with challenges regarding people, process and technology, but the most important aspects to address involve motivating our teams to accomplish great things. In fact, everyone agreed that over 80% of our modern challenges revolve around people issues.

So what are the best ways to change culture in the autumn of 2014?  Allow me to elaborate on a few event highlights.

What Were the Topics?

The agenda included sessions such as:

 "Investing In Difference-Making; Silicon Versus Carbon” by Mr. Daniel J. Barchi, Chief Information Officer, Yale New Haven Health System & Yale School of Medicine. His session addressed our project work that often seem to focus more upon the ‘silicon’ side of things (the technology) than we do on the ‘carbon’ side (the human component of our relationships, processes and cultures), even though that ‘carbon side’ may be more important. Our spending patterns underscore that, as with nearly $4T spent on IT annually, the people side routinely does not get the lion’s share.

Mr. Daniel J. Barchi, Chief Information Officer, Yale New Haven Health System & Yale School of Medicine

Mr. Daniel J. Barchi, Chief Information Officer, Yale New Haven Health System & Yale School of Medicine presenting to CIO Solutions Gallery opening dinner, photo credit: Dan Lohrmann

What did I learn? Focus on your people. Use metrics to drive meaningful conversations and real results in patient care. The transformational story from the Yale New Haven Health System is amazing.

Another session was entitled: "Getting The Right People On Board" by Ms. Linglong He, Chief Information Officer, Quicken Loans. Her session highlighted how Quicken Loans became the Computerworld number one place to work in IT for the second year in a row and a Fortune Magazine top five place to work in America.

Linglong made it clear that money is not the top motivator for most people. “People want a sense of belonging and purpose at work in a fun environment,” she said.

Quicken Loan’s CIO has worked for over a decade at the company, and she was promoted from lower levels. Here are some of the items I took away from her approach at Quicken Loans:

1)      It is not about who is right, but what is right.

2)      Innovation is rewarded, but execution is worshiped.

3)      Innovation can be incremental

4)      Hiring is about both aptitude and attitude

5)      IT plays both defense and offense with the business. The defense fixes (immediate) problems and the offense brings new ideas daily.

6)      Ask: Why (are you doing something)? Later, address what, who and how in the delivery of solutions.

7)      Keep recruiting your own people. Don’t stop after they are hired, if you want to keep the best.

Ms. Linglong He, Chief Information Officer, Quicken Loans, photo credit: Dan Lohrmann

Most of all, Quicken Loans focus on outcomes! They listen to their customers.

Gary J. Beach, Publisher Emeritus from CIO Magazine, did an excellent job describing the new global competition regarding the future of IT in his presentation: “The U.S. Technology Skills Gap; What Can We Do About It?” He went into detail on what is at stake:

1)      The vitality of the US economy.

2)      The challenges that come from falling behind for top educated talent.

3)      The strength of national security.

Gary J. Beach, Publisher Emeritus CIO Magazine

Gary J. Beach, Publisher Emeritus at CIO Magazine, photo credit: Dan Lohrmann

Mr. Beach quoted Winston Churchill: “The era of procrastination, of half-measures, of soothing and baffling expedients, of delays is coming to its close. In its place we are entering a period of consequences.”

Jennifer Ippoliti, the Chief Data Officer at Raymond James, presented on: "A New and More Visible Leadership Role." Her session was described as:

"Information can herald the growth of an organization’s brand and performance if it is properly managed, or it can choke the life out of that business if its value as a strategic corporate asset is under appreciated or ignored. For firms beginning that journey to a more enriched information environment, no single resource is more vital to the effort than a leader who is empowered to be the steward and champion of the enterprise’s information resource. This is leading to the rise of the Chief Data Officer (CDO). What, then, should this position do, and how should it be best positioned to be an effective catalyst for this desperately needed information transition?"

Jennifer Ippoliti, the Chief Data Officer at Raymond James

Jennifer Ippoliti, the Chief Data Officer at Raymond James, photo credit: Dan Lohrmann 

I thought she made a compelling case for organizations to focus on the new powerful role that data is playing within enterprise solutions, and she made it clear that this role can (and must) be complimentary to the CIO role. The governance of data is vital to success of the businesses succeeding as we address the questions of how data will be mined and shared to derive benefit.

Some attendees responded that this data role was given to a person without a “chief” title, such as a senior data architect. Overall, this trend is hot and the audience appreciated her explanation of her duties and future vision.

The Insider Threat

My session on “Protection from Within,” again highlighted the common theme of focusing on people and trust, in light of Edward Snowden’s actions and numerous other insider threat stories.

I started with some recent examples of insider threats to business, such as: employee mistakes, malicious code, negligent IT users, contractor abuse of system privileges and deliberate targeting of intellectual property.  The impacts can affect databases, applications, mobile devices, networks and much more.

As we went around the room and heard from the CIOs in the audience, it was clear that concerns were not just about the deliberate inside (bad-guy) hacker who is going after sensitive company data. A serious concern about the masses was clear, with threats emerging from all types of well-meaning staff. There was also a sense of CIOs being overwhelmed by the enormous cybersecurity tasks.

My answers focused on starting with the 99% of people in our organizations that want to do the right things. We need to win the hearts and minds of the majority, before we can possibly hope to catch the less than 1% of the bad apples. If we have the 99% with us, those staff will also be the ones who can help identify those who pose greater enterprise risks.  

Security pros are often labeled as part of the problem, and we can learn why security pros typically fail. We need to get to yes and allow security to be an enabler with updated processes and procedures that are meaningful and helpful. We also need new cyber training that is brief, focused, relevant and even fun. We need to address all levels of the organization and get buy-in from people on approaches – like Quicken Loans does.

Only then can we hope to succeed to find the needle in the haystack when we apply appropriate processes and technology, such as logging, ID management and provisioning, monitoring and other verification tools. (Pragmatic steps such as conducting background checks and addressing entering and exiting employees were also mentioned.)

For much more details on my examination of issues and solutions on this current insider threat topic, you can visit three very recent LinkedIn posts entitled:

Are You For Us or Against Us?

Changing Security Culture With a New Approach and

Are You Engaged in Building Trust and Fixing the Security Culture?

Wrap-up

I’d like to close by describing a surprising session discussion where attendees responded to the question: “Where is modern IT heading?”

The lively discussion gave very conflicting answers, including: consumerization of IT, faster change, more control (be a Putin) or less control (business take-over), cloud, mobile, big data and small data (better use of what you have now).

Some said we won’t need IT in the future – since there were VPs of electricity in corporations 100 years ago. Others said the sky is the limit and there are no more boundaries (or finish lines). CIOs will rule the new business world, since “we connect the dots and deliver the end-to-end view.”

What did everyone agree on?    

It’s all about the people – and enabling culture change.

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso