Insights from Founder and President of StarCIO with Isaac Sacolick

Apex sat down with Isaac Sacolick, Founder and President of StarCIO. As a successful CIO who has led digital transformation, product development, innovation, agile management, and data science programs in multiple organizations, he sheds some light on challenges and focus areas for today’s CIO.

Q: What is the biggest challenge for a CIO today?

A: CIOs have the challenge of evolving IT from back office support functions to ones that can deliver applications and analytics while investing in agile, cloud, devops, and security. Many of the CIO I talk to are still adjusting to the speed, innovation, and organizational intelligence required to remain competitive and to avoid disruption.

That’s all table stakes today.

CIOs have to see what’s coming next for their businesses and drive discussions on where they can lead their industries. They have to identify partnerships, experiment with new technologies, and accelerate the development of their leadership teams so that they can deliver and iterate on differentiating capabilities. That’s a lot to do, when many organizations have cultures resistant to change, legacy technology footprints, increasing security threats, and greater operational impacts when technologies underperform.   

Q: What is the single most important thing CIOs should be focusing on today?

A: I think that CIO can’t just have a single most important thing as it can lead to saying ‘no’ to business opportunities, underserving parts of the business, or overinvesting in a strategic driver whether it be innovation, operational excellence, compliance, etc.

Some time ago, I wrote how digital CIOs manage their time and it resonated with many CIO that struggle with their shifting roles and juggling many priorities. The biggest thing the CIO should focus on today is how to manage their time, find partnerships, and grow bench strength to meet these challenges.

Q: What is IT doing to support innovation in the enterprise?

A: IT should start by defining an ideation process and pipeline that captures new ideas from across the organization and puts them through rapid discovery processes. I describe these pipelines and planning processes in my book, Driving Digital: The Leader’s Guide to Business Transformation Through Technology along with agile transformation, product management, and becoming data driven – all practices that drive innovation.

Second, I recommend to CIO and their leadership teams to spend significant time out of their IT offices and seek to develop business relationships, visit customers, and attend various industry events. IT can’t drive innovation without having an outside-in perspective on what customers need, how business leaders are managing competitive threats, and how other industries are solutioning comparable challenges.

Lastly, IT should be doing a lot of experimenting, executing proof of concepts, and investing in learning activities. To be innovative, IT needs to know how to integrate different technologies into nimble, supportable solutions. There’s no silver bullet to innovation, and IT has to invest in learning the building blocks.

Q: How do you stay abreast of the trends and what your peers are doing?

A: I have a voracious appetite for reading, writing, speaking, meeting people, attending events, and participating in social media. I’m a bit of an outlier as a big part of what I do now at StarCIO is advise leaders on transformation, collaborative practices, platforms, and emerging technologies.

I also get hands on with new technologies from time to time.

IT leaders should try to do the same. Read two or more articles a day, a book a month, and attend at least three conferences yearly. Find a comfort zone participating in social media such as commenting on selective posts, participating in a Twitter chat, or writing a guest blog post. Most SaaS solutions offer trials and demo accounts, so invest some time to roll up the sleeves and see what works.   

Q: What advice would you give an early stage CIO joining an enterprise organization?

A: CIOs have to run in several parallel directions when joining an enterprise. First, significant time should be spent with business leaders to start developing relationships and ideally with customers to better understand how the organization’s products or services impact them. Second, they should conduct an end to end assessment of their department’s capabilities, strengths, and weaknesses along with a review of underlying practices and technologies. Finally, they should select a handful of departments that have strategic priorities and may be underserved technically.

CIOs in their first hundred days should be looking to answer several questions. Where are the strategic priorities where technology can make an impact? What are some quick wins and other initiatives that need to be on the roadmap? What major risks have not been communicated or don’t have mitigation plans? What are the gaps in IT that the CIO needs to address and may need financial help, collaboration, or forgiveness in their early goings? What areas of the organization are early adopters to new practices and technologies versus others that are slower to change or others that may be detractors?

CIO roles have to pull this information together quickly to formulate and communicate a go-forward strategy and plan.

 

Isaac Sacolick (@NYIke) is the Founder and President of StarCIO, a services company that helps clients succeed with data and technology while executing “smarter, faster, and more innovative” transformation programs. Isaac is a successful CIO who has led digital transformation, product development, innovation, agile management, and data science programs in multiple organizations. He is the author of the Amazon bestseller, Driving Digital: The Leader’s Guide to Business Transformation Through Technology, and has written over four hundred articles as a contributing editor at InfoWorld,  CIO.com and Social, Agile and Transformation. He is an industry speaker on digital transformation, becoming a data driven organization, artificial intelligence, agile management, and other leadership topics. Isaac has  been recognized as a top digital influence by IDG, Enterprise Management 360, and Thinkers360, a top 100 CIO in STEM, a top social CIO by HuffPost, Forbes, and HP Enterprise.

Philadelphia University’s Cybersecurity Program Receives “Top Curriculum” in the US

OnlineMasters.com, an industry-leading educational research organization, has named La Salle University’s Master of Science in Cybersecurity a top 25 internet security program for 2019, and also awarded the program “best curriculum.”

OnlineMasters.com analyzed every online master’s program in internet security in the nation with a team of 43 industry experts, hiring managers, current students and alumni.

According to OnlineMasters.com, the study leveraged “an exclusive data set comprised of interviews and surveys from current students and alumni in addition to insights gained from human resources professionals.” Their methodology weighted academic quality (academic metrics, online programming, and faculty training and credentials) at 40 percent, student success (graduate reputation, student engagement, and student services and technology) at 40 percent, and affordability (average net cost, percent of students with loans, and default rate) at 20 percent. The study incorporated current data from the Integrated Postsecondary Education Data System (IPEDS) and statistical data from the National Center for Education Statistics. Only programs from accredited nonprofit institutions were eligible.

“We are honored to be recognized as a top 25 internet security master’s program, with a special nod to our curriculum,” says Peggy McCoey, assistant professor and graduate director for La Salle’s M.S. in Cybersecurity. “We have developed a flexible, rigorous, and highly relevant program to ensure today’s students develop competencies in cybersecurity management as well as breach detection, mitigation and prevention. The Program balances both theoretical and practical aspects and draws key learnings from industry practitioners to ensure attention to ethical principles and changes related to cybersecurity.”

La Salle’s M.S. in Cybersecurity is a 100 percent online asynchronous program with three start dates and eight-week courses so students can complete two courses per semester. OnlineMasters.com noted its “engaging courses in cyberwarfare, cybercrime and digital forensics” in support of its “best curriculum” designation[…] Read more ».

 

 

The Shift in Security Operations in a Multi-Cloud World

As cybersecurity continues to become more complex and harder to manage, the role of security operations for organizations is also shifting across the board. Long gone are the days where firewalls or intrusion detection systems (IDS) could keep adversaries outside the perimeter. Instead, we are seeing increases in both size and frequency of attacks leading to more pronounced impacts to the business.

There are two primary factors that driving this change. To be successful today, modern security operations needs to understand these drivers and evolve their processes, procedures and tools to meet these new challenges.

The first driver has little to do with security as we think about it today. The modern IT organization is being required to deliver more business value at higher velocity with reduced costs. The most recent Rightscale State of the Cloud Report states that 85 percent of enterprises now rely on multiple clouds. This trend makes perfect sense as IT organizations reach for the best tools possible to meet their goals. However, the diversity of platforms and tools has driven more complexity in to the security operations than they were designed or resourced to accept. In my experience, most organziations have difficulty understanding where their data resides in the suite of platforms in use, let alone how that data is being protected.

The second driver is directly related to the security landscape. Over the past five years, we’ve seen the results from the investments adversaries have made in expertise. Modern attacks performed by advanced persistent threat (APT) groups rarely use sophisticated methods like zero-day attacks. Instead, these groups are characterized by the “persistent” component of their moniker. A consistent set of attacks, powered by cybersecurity expertise, is capable of breaching most organizations using traditional prevention or deterrence techniques […] Read more »