Our Blogs – For CIOs by CIOs

By Jeff Richards
Managing Partner

This year CIO Professional Services (CIOPS) is celebrating our tenth anniversary. Looking back over the past decade makes me realize that, in spite of all of the changes that have happened in the IT world, at a more fundamental level nothing has really changed at all.

Our focus hasn’t changed

CIOPS’ first client was the Northern California Golf Association, a division of the US Golf Association that was established in 1901 (i.e. when my great-grandparents were too young to take up the sport). Our work for the Northern California Golf Association was a process redesign, systems selection and systems implementation engagement.

Today our biggest client is a hyper-growth unicorn 6-year-old “startup.” They’re about as cool and new as it gets. What are the initiatives? Process redesign, systems selection and systems implementation!

Before our current client received a major cash infusion in early 2018, they were a cash-strapped start-up running everything on “freemium” and inexpensive applications. Everyone found something that would solve their particular problem, at least in the short run, with little thought as to what else was going on around it. Now they are replacing this hodge-podge of apps that got them this far with more sophisticated solutions that will meet their needs as they grow. In other words, pretty much what we did for the Golf Association, but on a much broader scale.

By Mike Pivacek
Associate

Organizations often bring in CIOPS to “fix things” when they feel that something in their IT realm is broken. Perhaps they just can’t seem to deliver. Maybe they’re making promises they can’t keep, or service is woefully lacking. People are counting on the team to get things done, and it’s just not happening. Deadlines are missed…bugs aren’t fixed…issues aren’t addressed…and if the end products are delivered at all, they might not be meeting quality standards.

Quite often these problems all have one thing in common

Our first step in fixing whatever is broken is always an assessment. If, for example, the organization is experiencing delivery challenges, we’ll want to delve into the current delivery process. What are they trying to accomplish, and where are they falling short?

Although service and delivery challenges are generally quite complex and caused by a combination of factors, each of the underlying causes usually falls into one of the following categories:

• People problems
• Process problems
• Technology problems

Regardless of whether a problem is caused by people, processes or technology, we often find that these issues all have one thing in common: They are not being measured, and this lack of measurement is a root cause of many undeliverables.

By Jeff Richards
Managing Partner

Each year the Churchill Club, a not-for-profit public benefit organization, brings in a panel of five venture capital partners to present their predictions regarding the top tech trends that will be affecting the market four or five years from now. At the event each VC presents their first prediction and the other VCs vote on it. Then the moderator turns it over to the audience members, who use an app to register their votes. After each panel member has presented their first idea, the moderator goes down the line and repeats the process for their second idea.

I’ve been attending this event for 12 years now. I’ve found that the meeting is both entertaining and thought-provoking, and a great way to get executives thinking out of the box (sometimes way out of the box) beyond their annual planning horizon. Plus, it gives me so many interesting things to talk about that it makes me feel like the smartest guy on the block for a few weeks!

By Christopher Barron
Associate

As the CIO you’ve been tasked with ensuring that your organization’s IT systems are more secure. You’ve got a budget (although it’s tight). You’ve got mandates (“Don’t let us get hacked!” “Increase our perimeter strength!” “Make it a ‘Top 3’ initiative for the year!”). But if you’re like many CIOs, what you don’t have is an understanding of the basic premises and precepts of cybersecurity.

To get appropriate cybersecurity controls in place, where in the world should you start?

By Scott S. Smith
Security Practice Lead

Given the fact that many organizations experience near-continuous cyberattack attempts, if you have not already done so, getting a robust cybersecurity plan in place is a must. This plan needs to be tailored to address your organization’s business requirements, culture and risk tolerance around cybersecurity. It also will need to ensure compliance with applicable regulations and laws, and include plans for how to respond if, in spite of your best efforts, a security breach takes place. You don’t want to be in Equifax’s situation, where a hacker’s ability to exploit what was most likely a known weakness has now put millions of consumers’ identity and financial security at risk. The government, your customers and the general public are all losing their tolerance for disasters that happen when known problems are ignored.

By Scott S. Smith
Security Practice Lead

Given the dramatically negative impact that a cybersecurity failure can have on your business, implementing a cybersecurity plan is mission critical. In my last article I talked about some of the business-driven needs that might drive your cybersecurity plan. Today I will address some of the steps you need to take to get a cybersecurity plan in place.

By Scott S. Smith
Security Practice Lead

The recent data breach at Equifax is just one of the latest in a long string of high-profile cybersecurity failures. In this particular case, the Social Security numbers and other sensitive information of up to 143 million Americans were exposed. In another case, the NotPetya attack very quickly spread to, then severely hobbled operations in, corporations around the world, including the giant shipping company Maersk.

These and other recent cybersecurity failures in the news have resulted in intellectual property loss, disclosure of embarrassing communications, loss of business, massive public relations nightmares, and more. And that’s just for the high-profile cases!

By Stephen McGrady
Principal

If Hurricane Harvey and the magnitude 8.1 earthquake off the coast of Mexico didn’t get you thinking about whether your business is prepared to withstand a major disaster, chances are Hurricane Irma or Maria did.

Like most professionals who work in the Business Continuity Planning (BCP) field, I’ve been giving a lot of thought to the implications of having three major natural disasters strike in North America within a 1-1/2 week span. It’s become clear to me that even if you have what you thought was a solid plan in place to keep your business operating after a disaster, your plan might not be good enough. After all, most organizations put plans in place that address how they’ll recover from one disaster. Very few ever consider the possibility that the situation may be even worse than that.

By Stephen McGrady
Principal

Those responsible for Business Continuity Planning (BCP)—i.e. having plans in place to keep a business running after disaster strikes—understand that the world really can be a dangerous place. Although hacking, malware and ransomware aren’t really “new” threats per se, they have certainly grown in frequency and impact.

As some recent high-profile situations have shown, terrible things can and do happen to organizations everywhere. Case in point: Disney was recently hit with a ransom demand by hackers who claimed to have stolen the latest “Pirates of the Caribbean” movie. A few weeks before that, hackers stole the latest season of “Orange is the New Black” from Netflix, and leaked episodes when the firm refused to meet their ransom demands. And then there’s the widely-publicized “WannaCry” ransomware attack, which affected over 200,000 computers in 150 countries in May.

By Stephen McGrady
Principal

As I discussed in my article on the difference between Business Continuity Planning (BCP) and Disaster Recovery (DR) planning, Business Continuity Planning is about the operations side of disaster preparedness. How will you keep the business running after disaster strikes?

When helping organizations address their Business Continuity Planning needs, CIO Professional Services uses a four-step approach: conduct a Business Impact Assessment, get Governance mechanisms defined and approved, prepare the team to handle Crisis Management, and create the Emergency Operating Plans (EOPs) for highly-impacted departments. Here’s an overview of how this works…