Our Blogs – For CIOs by CIOs

By Zeeshan Kazmi
Cyber Security Practice Head

News stories are full of evidence of what CIOPS has been witnessing in the field: cyber security attacks are on the rise. In fact, the global cost of damages from cybercrime, which stood at over $600 billion in 2017 , is projected to skyrocket to $6 trillion by 2021 .

The frequency of cyberattacks, as well as the number of methods used by these criminals, is increasing exponentially. Cyber criminals are investing heavily into tools and automation to find any type of unaddressed vulnerability—especially for small- and medium-sized businesses.

The danger is real and can cause a great deal of anxiety, especially if your ability to combat cyberthreats is hampered by a limited budget. What are your options when your cyber security budget is tight, but you know an attack can be catastrophic?

By Zeeshan Kazmi
Cyber Security Practice Head

I recently wrote about the reasons why your cyber security plan must address SecOps , which is a collaborative effort that ensures that your IT security and IT Operations teams are all on the same page. Today I’d like to take a look at how to make this happen. Here are the initial steps we recommend:

Assess your risks

It is absolutely critical to understand what your assets are and where they reside. You can then prioritize these assets based on the likely negative impact on your business if these assets were to be compromised.

Start by taking a complete inventory of your data assets, wherever they may reside. For example, what data resides in shadow IT? How about email archives, mobile devices, apps, etc.? It doesn’t hurt to reach out to key business stakeholders to ask them where they think their data is! Remember, if you don’t know where a data asset is located (or even if it exists), that lack of knowledge is a security risk in and of itself.

By Zeeshan Kazmi
Cyber Security Practice Head

Thanks to today’s digital transformation initiatives, getting a cyber security plan in place is more important than ever. In fact, it should be a vital part of your IT strategy. After all, chances are nearly all new initiatives in your company involve something digital. This automatically introduces new platforms that can be attacked and quickly become a deficit for your organization if they’re not directly protected by your cyber security efforts.

SecOps—a collaborative effort that ensures the IT Security and IT Operations teams are all on the same page—is the ongoing operational management piece of this. It’s the reminder that your cyber security plan cannot be a “set it and forget it” effort. A cyber security plan must always bridge the gap between Security and IT Operations, neither of which is ever static and each of which has fundamentally different priorities.

By Jeff Richards
Partner

Since 2009 CIO Professional Services has provided strategic IT consulting and business/IT alignment services for a wide range of enterprise clients. Our consultants are all highly-experienced, world class executives who have a true passion for what they do.

Seeing the significant difference that our efforts make for our clients is enormously satisfying. Receiving glowing testimonials from these clients always makes our day. As my father always said, a job well done is its own reward…and normally I would agree and say that all of this feedback is enough.

But as we were recently reminded, sometimes it really feels good to receive recognition from your peers, too.

By Mike Cashman Sr.
Associate Consultant

When the conversation turns to IT service delivery for SMBs (small- and medium-sized businesses), the question that is often asked is this: Which is better—having a full internal IT department or using a fully outsourced external IT provider?

What we’ve seen in practice, though, is that if you’re thinking in terms of “internal vs. external” you’re focusing on the wrong thing. A better question to ask is “how can I maximize my IT spend in order to achieve the desired end results?” The answer is usually not to go with an all internal or all external approach. In my experience, the best IT service delivery for SMBs is a hybrid, multi-modal model.

By Jeff Richards
Managing Partner

Each year the Churchill Club, a not-for-profit public benefit organization, holds a “Top 10 Tech Trends” meeting. A panel of five venture capital partners each present two predictions regarding the top tech trends that will be affecting the market four or five years from now. Each VC presents their first prediction and the other VCs vote on it. Then the moderator turns it over to the audience members, who use an app to register their votes. After each panel member has presented their first idea, the moderator goes down the line and repeats the process for their second idea.

I’ve been attending this event for 13 years now. I’ve found that the meeting is both thought-provoking and entertaining, and a great way to get executives thinking out of the box beyond their annual planning horizon. Plus, it usually gives me lots of interesting things to talk about at client meetings, cocktail parties and networking events!

This year was the 21^st annual edition of this event, and there were probably 600 to 700 people in attendance. CIO Professional Services bought a table. Everyone in our group of nine really enjoyed the event, which spurred some very stimulating conversation.

By Jeff Richards
Managing Partner

This year CIO Professional Services (CIOPS) is celebrating our tenth anniversary. Looking back over the past decade makes me realize that, in spite of all of the changes that have happened in the IT world, at a more fundamental level nothing has really changed at all.

Our focus hasn’t changed

CIOPS’ first client was the Northern California Golf Association, a division of the US Golf Association that was established in 1901 (i.e. when my great-grandparents were too young to take up the sport). Our work for the Northern California Golf Association was a process redesign, systems selection and systems implementation engagement.

Today our biggest client is a hyper-growth unicorn 6-year-old “startup.” They’re about as cool and new as it gets. What are the initiatives? Process redesign, systems selection and systems implementation!

Before our current client received a major cash infusion in early 2018, they were a cash-strapped start-up running everything on “freemium” and inexpensive applications. Everyone found something that would solve their particular problem, at least in the short run, with little thought as to what else was going on around it. Now they are replacing this hodge-podge of apps that got them this far with more sophisticated solutions that will meet their needs as they grow. In other words, pretty much what we did for the Golf Association, but on a much broader scale.

By Mike Pivacek
Associate

Organizations often bring in CIOPS to “fix things” when they feel that something in their IT realm is broken. Perhaps they just can’t seem to deliver. Maybe they’re making promises they can’t keep, or service is woefully lacking. People are counting on the team to get things done, and it’s just not happening. Deadlines are missed…bugs aren’t fixed…issues aren’t addressed…and if the end products are delivered at all, they might not be meeting quality standards.

Quite often these problems all have one thing in common

Our first step in fixing whatever is broken is always an assessment. If, for example, the organization is experiencing delivery challenges, we’ll want to delve into the current delivery process. What are they trying to accomplish, and where are they falling short?

Although service and delivery challenges are generally quite complex and caused by a combination of factors, each of the underlying causes usually falls into one of the following categories:

• People problems
• Process problems
• Technology problems

Regardless of whether a problem is caused by people, processes or technology, we often find that these issues all have one thing in common: They are not being measured, and this lack of measurement is a root cause of many undeliverables.

By Jeff Richards
Managing Partner

Each year the Churchill Club, a not-for-profit public benefit organization, brings in a panel of five venture capital partners to present their predictions regarding the top tech trends that will be affecting the market four or five years from now. At the event each VC presents their first prediction and the other VCs vote on it. Then the moderator turns it over to the audience members, who use an app to register their votes. After each panel member has presented their first idea, the moderator goes down the line and repeats the process for their second idea.

I’ve been attending this event for 12 years now. I’ve found that the meeting is both entertaining and thought-provoking, and a great way to get executives thinking out of the box (sometimes way out of the box) beyond their annual planning horizon. Plus, it gives me so many interesting things to talk about that it makes me feel like the smartest guy on the block for a few weeks!

By Christopher Barron
Associate

As the CIO you’ve been tasked with ensuring that your organization’s IT systems are more secure. You’ve got a budget (although it’s tight). You’ve got mandates (“Don’t let us get hacked!” “Increase our perimeter strength!” “Make it a ‘Top 3’ initiative for the year!”). But if you’re like many CIOs, what you don’t have is an understanding of the basic premises and precepts of cybersecurity.

To get appropriate cybersecurity controls in place, where in the world should you start?