Our Blogs – For CIOs by CIOs

By Stephen McGrady
Principal

Last year if a customer sent you a Business Continuity Plan questionnaire asking what your plans were for responding to a pandemic, your response might have been, “Why are we even being asked about this? What difference does it make?” Your disaster planning was most likely focused on events that appeared to have a reasonable probability of taking place: earthquakes, fires, floods, key suppliers going out of business, labor strikes, etc.

This year, however, the outbreak of the coronavirus known as COVID-19 has changed all this. Between wide-spread quarantines and shut-downs in China, supply chain disruptions, trade show cancellations, stock market swoons and panicked calls from your elderly parents, it’s painfully obvious that you also need to have a plan for addressing pandemics.

As of this writing the outbreak of COVID-19 is far from contained. How might it impact your business?

By David Philippou
Associate

Day after day your IT team keeps the systems running. Everything is secure. There are no outages. Tickets get addressed promptly. The entire system operates exactly as it should, every day.

While you think your group should be up for “Department of the Year,” the rest of the company hasn’t even noticed your good work. Why? Because these things are all expected. As far as they’re concerned, you’re just “keeping the lights on.” And who ever notices that?

By David Philippou
Associate

Years ago I was at a company leadership development day. When we got to the touchy-feely part at the end where everyone is asked to thank someone else in the room, I did so and then…nothing. While everyone else got thanked for the smallest of things, I sat there thinking, “Hey! What about me? My team and I have worked tirelessly to ensure the IT systems work, day in and day out, and tickets no longer disappear into a black hole. Don’t I deserve some thanks, too?”

Evidently not.

By Zeeshan Kazmi
Cyber Security Practice Head

News stories are full of evidence of what CIOPS has been witnessing in the field: cyber security attacks are on the rise. In fact, the global cost of damages from cybercrime, which stood at over $600 billion in 2017 , is projected to skyrocket to $6 trillion by 2021 .

The frequency of cyberattacks, as well as the number of methods used by these criminals, is increasing exponentially. Cyber criminals are investing heavily into tools and automation to find any type of unaddressed vulnerability—especially for small- and medium-sized businesses.

The danger is real and can cause a great deal of anxiety, especially if your ability to combat cyberthreats is hampered by a limited budget. What are your options when your cyber security budget is tight, but you know an attack can be catastrophic?

By Zeeshan Kazmi
Cyber Security Practice Head

I recently wrote about the reasons why your cyber security plan must address SecOps , which is a collaborative effort that ensures that your IT security and IT Operations teams are all on the same page. Today I’d like to take a look at how to make this happen. Here are the initial steps we recommend:

Assess your risks

It is absolutely critical to understand what your assets are and where they reside. You can then prioritize these assets based on the likely negative impact on your business if these assets were to be compromised.

Start by taking a complete inventory of your data assets, wherever they may reside. For example, what data resides in shadow IT? How about email archives, mobile devices, apps, etc.? It doesn’t hurt to reach out to key business stakeholders to ask them where they think their data is! Remember, if you don’t know where a data asset is located (or even if it exists), that lack of knowledge is a security risk in and of itself.

By Zeeshan Kazmi
Cyber Security Practice Head

Thanks to today’s digital transformation initiatives, getting a cyber security plan in place is more important than ever. In fact, it should be a vital part of your IT strategy. After all, chances are nearly all new initiatives in your company involve something digital. This automatically introduces new platforms that can be attacked and quickly become a deficit for your organization if they’re not directly protected by your cyber security efforts.

SecOps—a collaborative effort that ensures the IT Security and IT Operations teams are all on the same page—is the ongoing operational management piece of this. It’s the reminder that your cyber security plan cannot be a “set it and forget it” effort. A cyber security plan must always bridge the gap between Security and IT Operations, neither of which is ever static and each of which has fundamentally different priorities.

By Jeff Richards
Partner

Since 2009 CIO Professional Services has provided strategic IT consulting and business/IT alignment services for a wide range of enterprise clients. Our consultants are all highly-experienced, world class executives who have a true passion for what they do.

Seeing the significant difference that our efforts make for our clients is enormously satisfying. Receiving glowing testimonials from these clients always makes our day. As my father always said, a job well done is its own reward…and normally I would agree and say that all of this feedback is enough.

But as we were recently reminded, sometimes it really feels good to receive recognition from your peers, too.

By Mike Cashman Sr.
Associate Consultant

When the conversation turns to IT service delivery for SMBs (small- and medium-sized businesses), the question that is often asked is this: Which is better—having a full internal IT department or using a fully outsourced external IT provider?

What we’ve seen in practice, though, is that if you’re thinking in terms of “internal vs. external” you’re focusing on the wrong thing. A better question to ask is “how can I maximize my IT spend in order to achieve the desired end results?” The answer is usually not to go with an all internal or all external approach. In my experience, the best IT service delivery for SMBs is a hybrid, multi-modal model.

By Jeff Richards
Managing Partner

Each year the Churchill Club, a not-for-profit public benefit organization, holds a “Top 10 Tech Trends” meeting. A panel of five venture capital partners each present two predictions regarding the top tech trends that will be affecting the market four or five years from now. Each VC presents their first prediction and the other VCs vote on it. Then the moderator turns it over to the audience members, who use an app to register their votes. After each panel member has presented their first idea, the moderator goes down the line and repeats the process for their second idea.

I’ve been attending this event for 13 years now. I’ve found that the meeting is both thought-provoking and entertaining, and a great way to get executives thinking out of the box beyond their annual planning horizon. Plus, it usually gives me lots of interesting things to talk about at client meetings, cocktail parties and networking events!

This year was the 21^st annual edition of this event, and there were probably 600 to 700 people in attendance. CIO Professional Services bought a table. Everyone in our group of nine really enjoyed the event, which spurred some very stimulating conversation.

By Jeff Richards
Managing Partner

This year CIO Professional Services (CIOPS) is celebrating our tenth anniversary. Looking back over the past decade makes me realize that, in spite of all of the changes that have happened in the IT world, at a more fundamental level nothing has really changed at all.

Our focus hasn’t changed

CIOPS’ first client was the Northern California Golf Association, a division of the US Golf Association that was established in 1901 (i.e. when my great-grandparents were too young to take up the sport). Our work for the Northern California Golf Association was a process redesign, systems selection and systems implementation engagement.

Today our biggest client is a hyper-growth unicorn 6-year-old “startup.” They’re about as cool and new as it gets. What are the initiatives? Process redesign, systems selection and systems implementation!

Before our current client received a major cash infusion in early 2018, they were a cash-strapped start-up running everything on “freemium” and inexpensive applications. Everyone found something that would solve their particular problem, at least in the short run, with little thought as to what else was going on around it. Now they are replacing this hodge-podge of apps that got them this far with more sophisticated solutions that will meet their needs as they grow. In other words, pretty much what we did for the Golf Association, but on a much broader scale.