InformationWeek Stories by Jim Ditmore

InformationWeek Stories by Jim Ditmorehttp://www.informationweek.comInformationWeeken-usCopyright 2012, UBM LLC.2012-12-21T09:06:00Z10 Year-End To-Do Items For IT LeadersIt's time to reflect, give thanks, recharge and come out of the gate swinging in 2013.http://www.informationweek.com/global-cio/interviews/10-year-end-to-do-items-for-it-leaders/240145177?cid=RSSfeed_IWK_Authors<div class="inlineStoryImage inlineStoryImageRight"> <a href="http://www.informationweek.com/news/galleries/global-cio/interviews/232700109"><img src="http://twimgs.com/informationweek/galleries/automated/765/01_CEO_Logos_tn.gif" alt="8 CEOs Speak: IT Projects That Matter Most" title="8 CEOs Speak: IT Projects That Matter Most" class="img175" /></a> <div class="storyImageTitle">8 CEOs Speak: IT Projects That Matter Most</div> (click image for larger view and for slideshow)</div>It's that time of year when everyone is scurrying to wrap up the last steps of projects. For senior IT managers, here's a quick list of things to do before the new year. 1. Vacation Overlaps. Recheck that you and your senior team members aren't all heading out on vacation and you have no one left to mind the shop. If there's a gap, you need to be the one to fill it. (And while you're handling this last set of work during the relatively quiet days ahead, you'll be able to multitask and take on the items below.) 2. Batch Cycles. With the surge in retail sales and other peaks this time of year, ask the production batch team to quickly forecast and recalibrate the peak processing time for batch runs in December, month end, and year end. It's better to find out now that you need to address capacity than at 3 a.m. Sunday morning of the new year as your company can't close its books on time. 3a. Feedback For Your Team. Write a thoughtful and generous note to your team pointing out their progress and accomplishments for the year. Everyone needs to be thanked and appreciated; you've probably done enough coaching this year. 3b. More Feedback For Your Team. Spend some of this quiet time writing well-considered performance reviews for your team. Start with your best and worst performers -- they will get the biggest positive impact from a strong write-up. For outstanding insight on competencies and how to coach, check out <a href="http://www.amazon.com/FYI-Improvement-Guide-Development-Coaching/dp/0974589233/ref=sr_1_1?ie=UTF8&qid=1323869677&sr=8-1">FYI: For Your Improvement</a> by Michael M. Lombardo and Robert W. Eichinger. 4. Gain New Insights. Spend another part of your vacation time reading a good management or IT book to gain some fresh perspectives. I recommend <a href=http://online.wsj.com/article/SB10001424052970204826704577074501731476934.html>Magical Mathematics</a>, <a href="http://www.amazon.com/dp/1591845629">The Rare Find</a> or <a href="http://www.amazon.com/Great-Choice-Uncertainty-Luck-Why-Despite/dp/0062120999">Great By Choice</a>. 5. Start Out Proactively. Book time in January with your planning team to ensure you have the IT goals for 2013 clearly defined, and map out the steps you'll take to communicate them broadly. Otherwise, you will get caught up with the first assignments that come in the door in the new year and will remain reactive the entire year. <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"><div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"><a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a><div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div>Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy.</div> </div>   6. Allocate Time For Your Customers. Ask your admin to ensure you have regular meetings scheduled every month with all of your business partners. Such regular sessions are key to keeping in touch and providing great service. 7. Thank Your Admin. Most people interact with you through your admin. Thank him or her with a nice gift and note. Make sure you don't get a gift in return. 8. Thank Your Sponsors. Spend some quality time with your boss. Whatever the challenges for the year have been, thank your boss for the support and opportunities he or she has given you. Make it clear you'll be refreshed and ready to go in the new year. 9. Get Ready To Recruit And Retain. If you don't have a robust recruiting and retention plan, gear up for 2013! The IT unemployment rate averages 2% and any improvement in the economy will make the talent hunt harder. Invest more in recruiting and hiring college graduates. Look to bring in and train bright junior people rather than go after only mid- or senior-level people. Consider alternate locations with strong engineering talent pools. 10. Take Time For Yourself And Your Family. Decompress and reflect, relax and recharge. Focus on your family. Identify the key things about you that you want to change for 2013. Save the "how" for another reflection session. Walk into January with renewed vigor and a focused game plan for the new you. If you aim to do fewer than five of the things above, make sure you do No. 10 so that you personally are ready for next year. What changes or additions would you make to this list? Please weigh in with a comment below. I hope your year has been successful and rewarding. All the best, and have a great holiday season and prosperous 2013.2012-09-25T08:44:00Z6 Features I Want In Future SmartphonesApple's iPhone 5 makes design advances, but here's how vendors could make smartphones even more useful.http://www.informationweek.com/news/240007865?cid=RSSfeed_IWK_Authors <div class="inlineStoryImage inlineStoryImageRight"> <a href="http://www.informationweek.com/hardware/handheld/iphone-5-10-best-features/240007294"><img src="http://twimgs.com/informationweek/galleries/automated/868/iPhone_5_1st_slide_175.jpg" alt="iPhone 5's 10 Best Features" title="iPhone 5's 10 Best Features" class="img175" /></a> <div class="storyImageTitle">iPhone 5's 10 Best Features</div> (click image for larger view and for slideshow) </div>  With the release of iPhone 5, Apple has notched up another product success and ratcheted up the integrated design features. And while Retina screens and slim versions of the device are material advances, it would be great to see these interesting and innovative additions to smartphones. Many of them require the smartphone manufacturers to partner to achieve some very useful new features. Unfortunately, because of existing revenue streams (e.g., carriers funding the manufacturers) <a href="http://www.informationweek.com/global-cio/interviews/wireless-innovation-slows-and-thats-a-go/240007466">we may not see some of these features</a>. 1. Multiple Personalities: It would be great to be able to use one device for personal and for business--but seamlessly. Consider a phone where your office or business mobile number rings to your phone as well as your personal number. And when your boss calls, the appropriate ring, screen background, contacts, and everything else aligns with the number calling. You can switch back and forth between your business world and your personal world on your phone, just as you do, but with one device not two (or if you are using one device today, you get both numbers, and no mixing). Some versions of these phones are available today, but not on the best smartphones, and not in a fully finished mode. 2. Multiple SIMs: Multiple SIM phones--where two or more SIM cards are active at the same time--have been available in some form since 2000. These enables you to leverage two networks at once (or have a business phone on one network, and a personal phone on another), or more easily handle different networks when traveling (e.g., one network for domestic, one for Europe and one for Asia). Today, there are low-end phones in developing markets or China where these features are available--so why not have this in the high-end smartphones in the developed world? You could certainly leverage better pricing for your calls and better enable multiple phone personalities. But the pricing is likely the rub--such a feature would make it too easy to switch carriers call by call. 3. A nano-phone: How many times have you been either exercising or on a fishing trip or out for night out or an elegant evening, and the last thing you want to do is bring along a large, potentially bulky smartphone that you might lose (or drop in the lake)? Why can't you have a nano iPod that has the same number and contacts as your iPhone that works as a passable phone? Then you can leave the iPhone at home, bring your music and a nano cell phone, and not worry all evening about losing it! Again, the manufacturers must work with the carriers to enable two devices with the same number to be on the network and for you to choose to which one the calls ring. But think of the convenience and possibilities of having multiple orchestrated devices, each tuned precisely to what and when you want to use them. 4. Better power management: Even with the continued advances in battery life, nearly everyone encounters times when their use or their apps have completely drained the battery. Today's data intensive apps can chew up battery life quickly without the user being aware. Why not alert the user to high usage (rather than wait until the battery is almost dead to alert), and enable the option for power saving mode. When this mode is selected the phone OS switches apps to low power mode unless the user overrides. This will keep power hog apps from draining the battery doing unimportant tasks. It will avoid a late afternoon or evening travail when you discover your phone is dead and yet you need it to make a call.   <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"> <div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"> <a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a> <div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div> Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy. </div> </div>   5. Socially and physically aware: While there are plenty of apps that create social networks and provide some physical awareness, and some phone plans that enable you to know where a family member is by their device location, you still require a precise device/app/option selected that minimizes the possibility of casual interaction with your known acquaintances. Consider your LinkedIn network and when you are traveling for business--it would be excellent to be able to chose to let your links know that you are walking through O'Hare Airport, and for those associates that chose similarly, you would know that your colleague John is at gate B5, which you happen to be walking by, and you can stop and chat before you have to catch your flight. You can choose to be anonymous, or just available to your friends or links, or for extroverts, publicly aware. Unfortunately, this would require a common 'awareness' standard and security for devices and social sites, which at this stage of the social media "Oklahoma land rush," it is doubtful that cooperation required would occur. 6. Better "offline" capabilities: Far too many apps today still require a constant Internet connection to work. Even for those apps frequently used in an offline mode--translation apps and <a href="http://www.informationweek.com/mobility/smart-phones/nokia-kicks-apples-map-in-the-apps/240007751">London tube</a> apps come to mind--many still require an Internet connection. Why can't you download 90% of the translation requirements to your app while on your home Wi-Fi, and then, when in Paris, bring up the app to suffice for faster translation offline instead of using international data rates? (At which point a paid translator would be cheaper and much faster). Again, I wonder how much collusion (or lack of common sense) goes on to encourage nonsensical data usage versus designing "data-lite" apps. These are the six features I would like to see. And while I am sure that there are phones or apps that do some of the features, I think it would be an advance to have the features mainstreamed on the latest and best smartphones. (Though if you know of a great translation app with good "offline" capability, please recommend it). What features would you like to see in the next generation of smartphones? Let me know in the comment section below.2012-09-21T09:00:00ZHow To Build A High-Performance IT TeamIn a tight job market, CIOs and other tech employers need to rethink their recruiting, training, and retention practices. http://www.informationweek.com/news/240007690?cid=RSSfeed_IWK_AuthorsDespite a national unemployment rate of more than 8%, the IT job market remains tight, with less than 4% unemployment. The jobless rates for IT specialties such as networking, security, and database management are even lower. Meantime, IT pros are less likely to switch companies than they once were, making it all the more difficult for employers to fill open positions and find new talent. So how do you build or sustain your high-performance IT team? Let's focus first on acquiring talent. You must put your company in a position to acquire talented people when they first consider looking for a position. That is, you must move to a "persistent" recruiting mode. If your group opens positions only after someone leaves or funding is approved, you likely won't acquire the staff in time to meet your needs, nor will you consistently be on the market when candidates are seeking employment. Look instead to do "pipeline" recruiting. That is, for those common positions you know you'll need to fill over the next 12 months, set up an enduring position and have your HR team persistently recruit for those positions. Good examples are Java experts, mobile developers, project managers, and network engineers. Constantly recruit and interview for such positions, and when you find A-caliber candidates, hire them--whether you have the exact position open or not. [ Want more advice? Read <a href="http://www.informationweek.com/hardware/handheld/nokia-windows-phone-8-devices-arrive-wit/240006853?itc=edit_in_body_cross">6 Recruitment Rules For HR, IT</a>. ] Because you eventually will need that talent, hire them and put them on the next appropriate project. Not only will you have the talent sourced and available when you need it, but you will also develop a reputation as a place that seeks talent, giving your company an edge when those <a href=http://www.topgrading.com>"A" players</a> who rarely switch jobs decide to seek a new opportunity. Another key tactic is to extend your pipeline recruiting to interns and recent graduates. Too many companies look only for experienced candidates. Newly minted engineers, for example, often can contribute much more than most managers give them credit for, especially if your company has strong on-boarding, training, and education programs. I have seen uplifting results when legacy teams bring in bright, enthusiastic, talented people and combine them with their experienced engineers. Everyone's performance lifts. They will bring energy to your shop. And though it will take seven to 15 years for them to become the senior engineers and leaders of tomorrow, they will be at your company, not someone else's. If you don't start, you will never have them. <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"><div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"><a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a><div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div>Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy.</div> </div>   The investment in robust training and education will pay off for your current staff as well, in higher productivity, engagement, and retention. Spell out for your people the competencies and capabilities of both their current position and their next career step. And provide a training program to enable them to advance. In a tight job market, career clarity and training investment will help your company stand out in the crowd. Another tactic is to recruit talent in other locations. Don't limit your search to one or two metropolitan areas. You can use additional locations to tap entirely new sources of talent at potentially lower costs. Consider opening a location in Rustbelt cities with top universities, or in cities such as Charlotte, N.C., and Columbus, Ohio, that have a legacy of IT work from previous industry peaks and populations loyal to the locale. Such second-tier cities can harbor surprisingly strong IT populations that require lower salaries, and are easier to retain than those in Silicon Valley, Boston, or New York. The same is true of second-tier locations in Europe and India, where costs are likely to be 20% to 40% less than in headline locations, with lower attrition rates. Look to tap the global IT workforce to gain advantage through diverse talent: "follow the sun" coverage; and optimized costs and capacity. Wherever you go, though, you'll need a minimum critical mass in each site, and robust audioconferencing, videoconferencing, collaboration, and configuration management tools. Avoid just shipping over low-end tasks. To attract the best people and to be the most productive, implement full activities with leadership roles in your global locations. For large companies, such a global workforce is mandatory to achieve competitive IT capabilities. Don't forget to review your <a href=http://www.recipeforit.com/it-cost-reduction-near-term-tactics-to-deliver/evaluating-and-selecting-it-talent/>recruiting approach</a> as well. Apply a metrics-based improvement approach. What is the candidate yield on each recruiting method? Where are your best candidates coming from? Having analyzed recruiting results for many years, I find that the best source for strong candidates is referrals and the weakest are search firms and broad-sweep advertisements. With these kinds of investments, you will be able to build and sustain a high-performance IT team even in the tightest of markets. For more details on how to choose and build second-tier sites, read <a href=http://www.recipeforit.com/it-cost-reduction-near-term-tactics-to-deliver/building-a-strong-and-productive-it-team/>my post</a>. I know this is a bit like revealing my favorite fishing spot, but it benefits us all to share this kind of information. What other techniques has your organization applied successfully?2012-07-13T10:00:00ZWhy IT Outsourcing Often FailsIT doesn't compare to a security guard force or a legal staff. It's part of your core intellectual property.http://www.informationweek.com/news/240003659?cid=RSSfeed_IWK_AuthorsWhile the general trend of more IT outsourcing (via smaller, more focused deals) continues, these engagements remain difficult to navigate. Every large IT shop that I have turned around had significant problems caused or made worse by the outsourcing arrangement, particularly large deals. While those shops performed poorly for other reasons (ineffectual leadership, process failures, talent issues), improving performance required a substantial revamp or reversal of the outsourcing arrangements. Failed outsourcing deals, involving reputable vendors and customers, litter various industries. While formal statistics are hard to come by, in part because companies are loathe to report their failures publicly, my estimate is that at least 25% and possibly more than half of these deals fail or perform very poorly. Why do these failures occur? And what should you do to improve the probability of success? Much depends on what you choose to outsource and how you manage the vendor and service. A common misconception is that any activity that's not "core" to a company can and should be outsourced. In <a href=" http://www.amazon.com/Discipline-Market-Leaders-Customers-Dominate/dp/0201407191">The Discipline of Market Leaders</a>, authors Michael Treacy and Fred Wiersema argued that market leaders must recognize their competency in one of three areas: product and innovation leadership, customer service and intimacy, or operational excellence. They shouldn't try to excel at all three areas. However, IT is critical to all three areas. And because of this intrinsic linkage, IT isn't like a security guard force or a legal staff, two areas companies commonly outsource successfully. And by outsourcing intrinsic capabilities, companies put their core competency at risk. A recent University of Utah business school <a href="http://www.business.utah.edu/node/1198">article</a> found significantly higher rates of failure at companies that had outsourced IT and other operations. The authors concluded that "companies need to retain adequate control over specialized components that differentiate their products or have unique interdependencies, or they are more likely to fail to survive."   <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"> <div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"> <a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a> <div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div> Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy. </div> </div>   My IT best practice: Companies must control their critical intellectual property. If your company uses outsourcing vendors to develop and deliver key features or services that differentiate its products and define its success, then those vendors can typically turn around and sell those advances to your competitors. Or you are putting your success in the hands of someone with very different goals. Be wary of those who say IT isn't a core competency. With every year that passes, there's more IT content in products in nearly every industry. Choose instead to outsource those activities where you don't have scale or cost advantages, or capacity or competence. But ensure that you either retain or build the key design, integration, and management capabilities in-house. Another frequent reason for outsourcing is to achieve cost savings. While most small and midsized companies don't have the scale to achieve cost parity with a large outsourcer, nearly all large companies and many midsized ones do have that scale. Nearly every outsourcing deal that I have reversed in the past 20 years yielded savings of at least 30% and often much more. Cost savings can be accomplished by an IT outsourcer for a large company for a broad set of services only if the current shop is mediocre. If your shop is well run, your all-in costs will be similar to those of the best outsourcing vendors. If you're world class, you can beat the outsourcer by 20% to 40%. A recent example: General Motors' new CIO, Randy Mott, is looking to <a href="http://www.informationweek.com/news/global-cio/interviews/240002892">reverse the company's dependence on IT outsourcing</a> and improve time to market and quality, all while keeping costs in check. Realize as well that any cost difference an IT outsourcer can deliver typically degrades over time. Consider that the goals of the outsourcer are to increase revenue and profit margin, so it invariably will find ways to charge you more, usually for changes to services, while minimizing the work it's doing. While the usual response is that the customer can put terms into the contract to avoid this situation, I have yet to see terms which ensure that the outsourcer does the "right" thing throughout the life of the contract. One dysfunctional, $55-million-a-year outsourcing contract I reversed a few years back was for desktop provisioning and field support for a major bank. During a surprise review of the relationship, we found warehouses full of both obsolete equipment that should have been disposed of and new equipment that should have been deployed. Why? Because the outsourcer was paid to maintain all equipment, whether in use in our offices or in a warehouse, and it had full control of the logistics function (here, the critical intellectual property). So the outsourcing vendor had ordered up its own revenue, in effect. Furthermore, the service had degraded over the years as the vendor hollowed out its initial workforce and replaced it with less qualified people. The solution? We immediately insourced the logistics function and established quality goals. Then we split the field support geography and conducted a competitive bid to select two vendors for that work. Every six months we evaluated each vendor's quality, timeliness, and cost. We gave more territory to the higher-performing vendor and took away territory from the lower-performing one, which was on notice for possible replacement. We maintained a small team of field support experts to keep training and capabilities up to par, update service routines, and resolve problems. The result was far better quality and service--at a 40% lower cost. These results are typical with similar actions across a wide range of services, organizations, and locales. When I was at Bank One more than a decade ago, working under CEO Jamie Dimon and COO Austin Adams, they supported our unwinding of the largest IT outsourcing deal ever consummated at the time. Three years into the contract, it had become a millstone around Bank One's neck. Costs were going up every year and quality eroded to the point where system availability and customer complaints were the worst in the industry. In 2001 we cut the deal short--it was scheduled to run another four years. During the next 18 months, after hiring 2,200 infrastructure staff and revamping the processes and infrastructure, we reduced defects (and downtime) to 1/20th the levels in 2001 while reducing our ongoing expenses by more than $220 million per year. This effort aided the bank's turnaround and allowed for the merger with JP Morgan a few years later. As for having in-house staff do critical work, Dimon said it best: "Who do you want doing your key work? Patriots or mercenaries?" In Proper Moderation Like any tool or management approach, outsourcing is quite valuable when used properly and in the right circumstances. As an executive leader, you can't focus on all company priorities at once, nor would you have the staff. And in some areas, such as field support, outsourcing provides natural economies of scale for many companies. When outsourcing, ensure that your company retains critical IP and control. Or use outsourcing to augment your capacity, or to leverage best-in-class specialized services. Since effective management of large outsourcing deals is nearly impossible, do small deals. Handle the management like any significant in-house function, establishing SLAs, gathering operational metrics, reviewing performance with management every three to six months, and addressing problems. Stipulate consequences for bad performance and rewards for good performance. Use contractors, including cloud providers, for peak workloads. With these best practices and a selective hand, your IT shop and company can benefit from outsourcing and avoid the failures. What experiences have you had with IT outsourcing? Do you see companies getting better at managing and using these services? Let us know in the comments section below. New outsourcing opportunities for insurance companies are emerging around cloud and Web-based initiatives, mobility, real-time interactive customer service, and data management. What is the new thinking in insurance about outsourcing and what are the new opportunities--and risks--in the current hyperconnected global financial services environment? Download our <a href="http://reports.informationweek.com/abstract/106/8899/Financial/optimizing-the-new-outsourcing-model.html?k=axxe&cid=article_axxe">Optimizing The New Outsourcing Model</a> report. (Free registration required.) 2012-05-17T11:30:00ZHow To Build The Right IT SkillsEvery IT pro, no matter how senior, must always be in learning mode, but especially in a lackluster economy.http://www.informationweek.com/news/240000565?cid=RSSfeed_IWK_Authors <div class="inlineStoryImage inlineStoryImageRight"> <a href="http://www.informationweek.com/news/galleries/global-cio/interviews/232700431"><img src="http://twimgs.com/informationweek/galleries/automated/772/01_Steve-Haindl_tn.jpg" alt="10 CIOs: Career Decisions I'd Do Over" title="10 CIOs: Career Decisions I'd Do Over" class="img175" /></a> <div class="storyImageTitle">10 CIOs: Career Decisions I'd Do Over</div> (click image for larger view and for slideshow)</div>  The IT job market, while brighter than most others, remains stagnant overall. The <a href="http://www.informationweek.com/news/global-cio/interviews/232900174">InformationWeek 2012 IT Salary Survey</a> revealed that median total compensation crept up 1% to 2%. The bright spots are in rising new specialties such as mobility and big data, as well as information security and several other areas. Even though IT unemployment stands at about half the general unemployment rate of more than 8%, every IT pro needs to build the right skills to become more productive and valuable to employers or prospective employers. Below I define both the primary skills that are in demand as well as some time-tested complementary skills, drawing from my more than 20 years improving the staffs and engineering capabilities of multiple large organizations. Before I dive in, it's worth noting that it has been more difficult to get additional skills and training in the past few years as budgets and discretionary project funding have dried up. Yet the pace of technology introduction, from smartphones to tablets to big data to appliances to cloud computing to consumerization, has accelerated. Keep in mind that an IT engineer or manager who not only understands these new technologies but also can deliver solutions in complex business settings is far more valuable than an expert focused on one aspect of the technology portfolio. [ Doing your job perfectly may not be a great career move. Read <a href="http://www.informationweek.com/news/global-cio/interviews/232901366?itc=edit_in_body_cross">CIOs: Don't Get Taken For Granted</a>. ] So how do you go about building a stronger suite of skills and experience? The journey depends, of course, on where you are and where you want to go. I'll assume two potential destinations: either a senior IT management position, including CIO/CTO, or a principal engineer. Now let's look at the appropriate skills to add based on where you are now. Junior Staff If you are just starting out or are a junior staff member, focus on building your first core expertise. Leverage your position to "go deep." If you are a junior analyst, consider working toward a <a href="http://en.wikipedia.org/wiki/A_Guide_to_the_Business_Analysis_Body_of_Knowledge">business analyst</a> certification, such as a CCBA. If you are a desktop or LAN engineer, make sure that you understand the configurations and architectures of your company's infrastructure. Take the training and classes and work to achieve your certifications in the area of your expertise (for example, for the desktop engineer, attain your <a href="http://www.microsoft.com/learning/en/us/certification/mcts.aspx">MCTS</a>). Augment your technical understanding by subscribing to industry publications. Become familiar with foundational elements of IT such as <a href="http://en.wikipedia.org/wiki/ITIL">ITIL</a> and <a href="http://en.wikipedia.org/wiki/CMMI">CMMI</a>. As you practice your chosen area of expertise, try to learn a specific business area as part of your work. This may not always be possible, but it's worthwhile to gain an understanding of how the business works. And don't forget to be a valued team member: Volunteer for assignments that will challenge you, learn as much as you can about the systems you're working on, and do your work with energy and quality (you're building your reputation).   <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"> <div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"> <a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a> <div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div> Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy. </div> </div>   Midlevel Staff For those with midlevel expertise, now's the time to branch out to adjacent technical areas. Invariably, IT problems occur between two layers of the stack. For example, if you know networking, add server or information security. If you understand middleware, add <a href="http://en.wikipedia.org/wiki/Database_management_system">DBMS</a>. If you know application development, add DBMS or testing. If your goal is to become a principal engineer, pursue master level certification in your areas of expertise--e.g., earn an <a href="http://www.microsoft.com/learning/en/us/certification/mcitp.aspx">MCITP</a> in Windows or a <a href="http://www.cisco.com/web/learning/le3/ccie/index.html">CCIE</a> (versus a <a href="http://en.wikipedia.org/wiki/CCNA">CCNA</a>) in networking. If your goal is to become a CTO or CIO, then as a mid-level staffer you need to work on becoming a strong team leader. Consider: -- adding project management skills and enhancing your communication skills; -- improving your influence and conflict resolution skills; -- learning how to formulate thorough and compelling business cases or solutions; and -- taking on key project or program leadership roles. The midlevel IT professional should fully understand ITIL and CMMI, as well as become familiar with process improvement approaches (e.g., lean or <a href="http://en.wikipedia.org/wiki/Process_improvement">CPI</a>. In addition, approach your job with the energy and quality that reflects your workmanship and pride. Take on some of the tough assignments as well as the drudge tasks in your area. And demonstrate stewardship of your team's processes by improving them (even if that just means documenting them). Your initiative won't go unnoticed and it will open the door for more senior opportunities down the road. As you mature in your mid-level role, seek out a mentor to provide more personalized advice and a second perspective. If your goal is to become a principal engineer, look for opportunities to contribute at the industry level. Join relevant organizations and contribute to forums advancing the practice. Senior Staff If you're now working at a senior level, you've already accomplished a great deal. But if you don't have a clear path to your goal of becoming CIO or principal engineer, then it's time for some reflection and self-awareness. Reach out to trusted colleagues as well as a coach or mentor to help you identify competencies to work on. A seminal self-help book is <a href="http://www.amazon.com/FYI-Improvement-Guide-Development-Coaching/dp/0974589233/ref=sr_1_1?s=books&ie=UTF8&qid=1337266526&sr=1-1">FYI: For Your Improvement, A Guide For Development And Coaching</a>, by Michael M. Lombardo and Robert W. Eichinger. This is the time to develop an effective leadership style that matches you and drives high performance. Polish your communication skills, especially in front of large groups. Consider your <a href="http://www.recipeforit.com/leadership/why-you-want-an-australian-pilot-lessons-for-outstanding-leadership-in-it/">Power Distance Index</a> and approachability, and work on your dialog skills (read <a href="http://www.amazon.com/Crucial-Conversations-Talking-Stakes-Second/dp/0071771328/ref=sr_1_1?s=books&ie=UTF8&qid=1337266696&sr=1-1">Crucial Conversations</a>). Take advantage of opportunities to rotate through other areas of the IT organization (infrastructure versus applications versus operations), as CIOs and CTOs need to have broad skills. Even in this tough economy, opportunities abound for those with outstanding skills, experience, and leadership. What other skills or experience would you add to this roadmap? Weigh in with a comment below. See why NEC's network controller and eight other products stood out at Interop 2012 in the new, all-digital <a href="http://www.informationweek.com/gogreen/050712s/?k=axxe&cid=article_axxt_os">Best of Interop</a> issue of InformationWeek. (Free registration required.)2012-04-02T14:51:00ZSecurity Practices From The Front LinesIn the age of LulzSec, industrial espionage, and everyday breaches, it's more important than ever to be proactive about security. These security measures and best practices will help keep your information safe.http://www.informationweek.com/news/232800132?cid=RSSfeed_IWK_AuthorsMark Twain observed 150 years ago: "A lie can travel halfway round the world while the truth is putting on its shoes." With the advent of social media, these days that lie has likely made it all the way around the world and back while the truth is still in bed. The stakes are raised even higher by hackers and others who expose confidential data and emails. A group calling itself LulzSec Reborn <a href="http://www.informationweek.com/news/security/attacks/232700290">recently hacked a military dating website</a> releasing the usernames and passwords of more than 170,000 of the site's subscribers. Then there are the for-profit attacks by nation states and companies seeking intellectual property, and fraud by organized crime outfits. Consider the blatant industrial <a href="http://www.vancouversun.com/business/China+been+behaving+like+friend/6214538/story.html">espionage conducted against Nortel</a> and more recently, <a href="http://www.bloomberg.com/news/2012-03-15/china-corporate-espionage-boom-knocks-wind-out-of-u-s-companies.html">AMSC</a>, or the recent fraud <a href="http://online.wsj.com/article/SB10001424052702303816504577313411294908868.html">attack against Global Payments</a>. [ Help your employees take part of your company's security practices. Read more at <a href="http://www.informationweek.com/news/global-cio/interviews/232700106?itc=edit_in_body_cross">How To Make Information Security Everyone's Problem</a>. ] One of a CIO's most critical responsibilities is to protect his or her company's information assets. Such protection often focuses on preventing others from entering company systems and networks, but it must also identify and prevent data from leaving. The following recommendations can help you do this. They are listed in two sections: conventional measures that focus on system access, and best practices given the profiles of today's attacks. Conventional Measures Establish a thoughtful password policy. Sure, this is pretty basic, but it's worth revisiting. Definitely require that users change their passwords regularly, but set a reasonable frequency--any less than three months and users will write their passwords down, compromising security. As for password complexity, require at least six or seven characters, with one capital letter and one number or other special character. Publicize best security and confidentiality practices. Do a bit of marketing to raise user awareness and improve security and confidentiality practices. No security tool can be everywhere. Remind your employees that security threats can follow them home from work or to work from home. Install and update robust antivirus software on your network and client devices. Enough said. Review access regularly. Also, ensure that all access is provided on a "need-to-know" or "need-to- do" basis. This is an integral part of any Sarbanes-Oxley review, and it's a good security practice as well. Educate your users at the same time you ask them to do the review. This will reduce the possibility of a single employee being able to commit fraud resulting from retained access from a previous position. Put in place laptop bootup hard drive encryption. This encryption will make it very difficult to expose confidential company information via lost or stolen laptops, which is still a big problem. Meanwhile, educate employees to avoid leaving laptops in their vehicles or other insecure places. Require secure access for "superuser" administrators. Given their system privileges, any compromise to their access can open up your systems completely. Ensure that they don't use generic user IDs, that their generic passwords are changed to a robust strength, and that all their commands are logged (and subsequently reviewed by another engineering team and management). Implement two-factor authentication for any remote superuser ID access. Maintain up-to-date patching. Enough said. Encrypt critical data only. Any customer or other confidential information transmitted from your organization should be encrypted. The same precautions apply to any login transactions that transmit credentials across public networks. Perform regular penetration testing. Have a reputable firm test your perimeter defenses regularly. Additional Best Practices Provide two-factor authentication for customers. Some of your customers' personal devices are likely to be compromised, so requiring two-factor authentication for access to accounts prevents easy exploitation. Also, notify customers when certain transactions have occurred on their accounts (for example, changes in payment destination, email address, physical address, etc.). Secure all mobile devices. Equip all mobile devices with passcodes, encryption, and wipe clean. Encrypt your USD flash memory devices. On secured internal networks, minimize encryption to enable detection of unauthorized activity as well as diagnosis and resolution of production and performance problems.   <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"> <div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"> <a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a> <div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div> Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy. </div> </div>   Further strengthen access controls. Permit certain commands or functions (e.g., superuser) to be executed only from specific network segments (not remotely). Permit contractor network access via a partitioned secure network or secured client device. Secure your sites from inadvertent outside channels. Implement your own secured wireless network, one that can detect unauthorized access, at all corporate sites. Regularly scan for rogue network devices, such as DSL modems set up by employees, that let outgoing traffic bypass your controls. Prevent data from leaving. Continuously monitor for transmission of customer and confidential corporate data, with the automated ability to shut down illicit flows using tools such as NetWitness. Establish permissions whereby sensitive data can be accessed only from certain IP ranges and sent only to another limited set. Continuously monitor traffic destinations in conjunction with a top-tier carrier in order to identify traffic going to fraudulent sites or unfriendly nations. Keep your eyes and ears open. Continually monitor underground forums ("Dark Web") for mentions of your company's name and/or your customers' data for sale. Help your marketing and PR teams by monitoring social networks and other media for corporate mentions, providing a twice-daily report to summarize activity. Raise the bar on suppliers. Audit and assess how your company's suppliers handle critical corporate data. Don't hesitate to prune suppliers with inadequate security practices. Be careful about having a fully open door between their networks and yours. Put in place critical transaction process checks. Ensure that crucial transactions (i.e., large transfers) require two personnel to execute, and that regular reporting and management review of such transactions occurs. Jim Ditmore is senior VP of technology infrastructure and innovation at Allstate. It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, <a href="http://www.darkreading.com/SecurityMonitoring/util/6023/download.html?k=axxe&cid=article_axxe">Monitoring Tools And Logs Make All The Difference</a>, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)2012-02-29T14:45:00ZHow To Become More Agile and InnovativeIt's time to move beyond the latest agility and innovation fads and institute substantive approaches. Here's how IT can get involved.http://www.informationweek.com/news/232601770?cid=RSSfeed_IWK_AuthorsExecutives are more determined than ever to make their elephant organizations dance. With increasing frequency in companies around the world, they speak of the need for "agility" and "innovation." Even companies with a solid history of developing new products feel under pressure to show they're capable of innovating at a rapid pace. Take Procter & Gamble, which in a recent statement following its soft financial results talked about "increasing our agility, improving cost efficiencies, improving our speed to market, and relentlessly focusing on innovation in every part of our business." Perhaps this widespread urgency can be chalked up to the recent demises of Kodak, Borders, and other companies. But applying the latest management technique is a bit like going on a fad diet. It may yield short-term improvements, but it likely won't deliver a sustainable advantage. Let's focus here on more substantive approaches and map out how IT management should respond to business needs to increase agility and innovation. Let's start with agility. The latest agility fad is the "<a href="http://online.wsj.com/article/SB10001424052970204652904577193460472598378.html">standing meeting</a>," said to be a surefire way to accelerate decision-making. This approach is derived from agile software development, with its incremental delivery streams, frequent, even daily, turnarounds, and tight feedback loops. Rather than make the leap to apply agile project practices to how the business is run, instead use agile judiciously. From my experience, agile methods are best utilized when: -- requirements, particularly user interfaces, aren't well defined or likely to be fluid. -- a rapid turnaround or incremental delivery provide a significant market advantage. -- the business process will be changed and improved in tandem with the system development. A good rule of thumb for the typical IT shop is to leverage agile development for at least half of your small to midsize software projects and at least a quarter of your large projects. But remember: Agile is a build methodology, not a run methodology. Apply a mix of lean and <a href="http://en.wikipedia.org/wiki/Capability_Maturity_Model">capability maturity model</a> (CMM) approaches to your run functions. Treat these run activities as the factory that they are (or should be). Successful run approaches emphasize process definition, metrics, robust execution, a high degree of analysis, and incremental process improvements. <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"><div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"><a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a><div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div>Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy.</div> </div>  Another area where companies can substantially improve agility and time to market is management approvals. If you pull the cycle time for just about any routine company transaction (paying expenses, provisioning new servers, etc.), you'll find that management approvals take up 25% to even 40% or 50% of the total time. Why? Because most companies have myriad approval processes, all done differently, many with manual or cumbersome interfaces and incomplete information. Reduce this oft-neglected bureaucracy by investing in an intranet manager approval page, one portal where a manager can see what requires his or her approval and either approve it directly or easily link to the appropriate page. Modern workflow systems let HR, finance, and other departments set approval (or rejection) time service-level agreements for all managers. These investments will speed up dozens of company processes affecting most employees, and set an agile pace. Also slowing down most companies are their processes for defining system requirements. Requirements, either poorly designed at the outset or improperly constructed after multiple, elongated sessions, are a likely cause of significant defects and serious project delays. Excellent requirements management tools, such as <a href="http://www-01.ibm.com/software/awdtools/reqpro/"> IBM's RequisitePro</a> and <a href="http://www.borland.com/us/products/caliberline/index.aspx">Borland's Caliber</a>, can improve your definition time and quality. Also, work with your partners to ensure there's enough expert staff (business and technical) dedicated to timely completion of the requirements. Use proven best practices such as <a href="http://www.alsup.com/Rapid_Requirements">Rapid Requirements</a> to gain further advantage. Moving on to innovation, what are some of the ways that you as an IT leader can contribute?First, ensure the base IT capability is in place. Because IT is an increasingly important element of nearly every service or product your company produces, it almost goes without saying that you must ensure that your systems perform reliably and your IT organization is staying on top of the latest technology trends and their application to your company's market--and hiring the people with those skills. Analyze and discuss those trends regularly with your business partners. This dialogue is where many of the good innovation ideas will emerge. With that base capability in place, there are two ways for most companies to drive innovation: 1. Build a separate team. One reason companies succeed is because they focus on delivering quality products predictably. Their operations, product, and technology divisions all strive to eliminate variation and improve efficiency. But innovation, by its nature, is discontinuous and causes failures. Many <a href="http://sloanreview.mit.edu/the-magazine/2008-winter/49216/institutionalizing-innovation/">innovation case studies</a> point to setting up separate innovation teams, either as incubators or as autonomous groups launching entirely new businesses. IBM, Dow Chemical, Shell, and others have taken this approach successfully for years. Companies need to set well-defined innovation goals and sponsorship. Sponsorship should be at a senior level, with both line-of-business and technology members. Companies should view their innovation initiatives as an investment portfolio, where diversity is good and poor investments are traded out quickly. Recall that innovation has a high rate of failure; the most successful groups are ruthless about stopping efforts that won't succeed. Most of the company still must drive ongoing incremental improvements, innovative in their own right, that are important to the main business. And this improvement pace must be supported and just as focused and energized. 2. Leverage a culture of tinkering. Companies that foster a culture of ingenuity, curiosity, and experimentation can accelerate innovation faster than companies that don't. But for companies to be able to set aside the time and space for people and teams to engage in "tinkering" requires that they first master the base disciplines of quality and operational excellence (current delivery must be close to flawless). You'll find such companies in many industries, their ongoing success attributable not only to their ability to innovate, but also to out-execute their competitors. At 3M, scientists famously spend 15% of their time on projects they find personally interesting. Some of their greatest successes (e.g., Post-It Notes) didn't result from some innovation session or project, but instead came together over years as ideas and failures percolated in a culture of tinkering. Historically, one of the best places for innovation, <a href="http://www.nytimes.com/2012/02/26/opinion/sunday/innovation-and-the-bell-labs-miracle.html">Bell Labs</a>, shared many of the same characteristics: outstanding operational excellence; the willingness to invest in a culture of tinkering; and encouraging scientists, engineers, and even factory teams from multiple disciplines to work in an open environment with clear goals. The results were legendary, from the transistor to Unix to fiber optics. With these approaches to agility and innovation, the elephant can dance while continuing to reliably handle the day-to-day heavy lifting. Jim Ditmore is senior VP of technology. operations, infrastructure, architecture, and innovation at Allstate. He has worked in IT for more than 25 years and as a CIO or CTO for the last 15 years. You can read more about Jim's views on IT at <a href="http://www.recipeforit.com/">Recipes for IT</a>. InformationWeek is conducting a survey on IT spending priorities. Upon completion of our survey, you will be eligible to enter a drawing to receive an 16-GB Apple iPad 2. Take our <a href="http://informationweek.2012ITspending.sgizmo.com/s3">IT Spending Survey</a> now. Survey ends March 9. 2012-02-14T08:04:00ZiPad's Success Demands IT Change Its ThinkingTablets won't just be a niche. They'll be the dominant knowledge worker platform, so IT will have to start thinking Web and tablet apps first. http://www.informationweek.com/news/232600748?cid=RSSfeed_IWK_AuthorsApple announced the iPad two years ago and began shipping it in April 2010. In less than two years, the rapidity and scale of the shock to the PC marketplace has been stunning. And it's far from finished: Web apps and tablets will become the dominant computing platform for knowledge workers, and IT should start shifting its strategy to accommodate the change. IT managers used to determine what mobile devices their employees used (and thus invariably chose BlackBerry), but now companies are adopting a "bring your own device" (BYOD) approach to mobile. IT managers will need to shift to not just accommodating iPads as an additional mobile device, but to a full-fledged BYOD approach for their knowledge workers' client computing. Let them decide if they need a tablet, an ultrabook, or a laptop. IT will need to <a href="http://www.informationweek.com/news/development/mobility/232500728">develop applications first</a> for the Internet and second for tablets, and only develop for traditional PCs for a small slice of back-office production workers. Knowledge workers will demand the use of tablets first and ultra-thin notebooks like the Macbook Air or ultrabooks second. Companies will accommodate this shift because their employees will be more productive and satisfied, and it will cost the company less, since often the employee supplies his or her own device. As the ability to implement and leverage this BYOD approach improves, today's slow migration will become a massive rush. And the business PC segment for knowledge workers will follow what already is happening in the broader consumer segment. [ Want more on iPads? Read <a href="http://www.informationweek.com/news/galleries/hardware/handheld/232600604?itc=edit_in_body_cross">9 Powerful Business Uses For Tablet Computers</a>. ] As an IT manager you should ensure your shop is on the front edge of this transition as much as possible. The tools to deploy, manage, and implement secure sessions are rapidly maturing and are already well proven. Many companies started pilots or small implementations in the past year, in such areas as providing iPads instead of 5-inch thick binders for their <a href="http://www.informationweek.com/byte/commentary/personal-tech/tablets/232301441">boards of directors</a>, or giving senior executives iPads to use in meetings instead of printed presentations. But the big expansion has been allowing senior managers and knowledge workers to begin accessing corporate email and intranets via their own iPads from home or when traveling. With the success of these pilots, companies are planning broader rollouts and are adopting <a href="http://www.informationweek.com/news/government/mobile/232600428">formal BYOD policies</a> for laptops and tablets. So how do you ensure that your company stays abreast of these changes? If you have not already piloted corporate email and intranet access from smartphones and tablets, get going. Look also to pilot the devices for select groups such as your board and senior executives. This will let you get the support infrastructure in place and work out problems before a larger rollout. Work with your legal and procurement team to define the new corporate policy on employee devices. Many companies provide the employee a voucher covering the cost of the device purchase, but the employee is the owner. By keeping any corporate data in a secure partition of the device, one that can be wiped clean if it's lost or stolen, you can meet your corporate IT security standards. But BYOD email is only the most basic level.More importantly, IT must adjust its thinking about the most vital interface is for internal applications. For more than a decade, it has been the PC with perhaps an Internet interface. Going forward, it needs to be an Internet interface, possibly with a smartphone and iPad app. Client-based, corporate PC interfaces will be one of the casualties of this shift from PCs, with the exception of dedicated production applications, such as the general ledger for the finance team or a call center support application. If you're looking for leaders in this effort, <a href="http://www.informationweek.com/news/galleries/government/mobile/232300178">look at government agencies</a>, especially in the United States, which have been quite agile in delivering their reference works, for everything from the state legal code to driving rules and regulations, on iPad applications in the iTunes store. The corporate sector is trailing the government in this adoption. How many of your companies have their HR policies and procedures in an iPad application that can be downloaded? Or a smartphone app to handle your corporate travel expenses? Does your front office application let customer-facing personnel be as mobile and productive as an Apple retail employee? IT will have to build the software distribution infrastructure to let employees download or "pull" these applications and get new versions. That means configuring your own corporate version of an iTunes store, to let people self-provision and download apps to their devices, just as they download Angry Birds today. An in-house app store will provide a better experience for the corporate user at reduced cost. Forward-thinking infrastructure managers today are thinking about how to extend this app store infrastructure and approach to all their devices. It's just another example of an approach developed for the consumer market that's driving expectations in the business market. As for those desktop PCs, where will they be in two to three years? They will still be used by production workers such as call center and back office personnel, but they will be more than likely virtualized, so the heavy computing is done in the data center and not the PC. And desktop PCs will be a much smaller proportion of overall client devices. This will have significant implications on your client software licenses (e.g. Windows and Office), and you should begin considering now how to adjust your contracts to handle this changing situation. Just beyond those two or three years, it's possible that we'll consider traditional desktops the same way we think of floppy drives today--an odd bit of technology from the past. Jim Ditmore, the former CIO of Barclays Global Retail Bank, has worked in IT for more than 25 years and as a CIO or CTO for the last 15 years. You can read more about Jims views on IT at <a href="http://www.recipeforit.com/">Recipes for IT</a>. Email encryption, rights management, email gateways and full-on data loss prevention systems can keep corporate data secure. Consider the pros and cons of each to determine what's best for your business. Download our <a href="http://www.darkreading.com/InsiderThreat/util/7224/download.html?k=axxe&cid=article_axxe_os">Email And Data Loss</a> report. (Free registration required.)2012-01-24T11:19:00ZStart 2012 Like You Have A New JobCIOs and IT leaders should take a first 90 days mindset to start the year on the right track. Define a clear vision, get connected, and inspect.http://www.informationweek.com/news/232500366?cid=RSSfeed_IWK_AuthorsThis is my first column for InformationWeek. Having served in IT management for 25 years, 14 of them as a CIO or CTO, I'm looking forward to sharing my insights into how to tackle the tough but solvable business technology problems we all face. In addition to drawing from personal experiences, I'll provide some sensible perspectives on the latest technologies and trends. Let's start with a subject that's relevant to not just those embarking on a new IT leadership position, but to every business technology leader who wants to start the year on the right track. What should you do in the first 90 days? Move quickly and decisively. The first 90 days isn't about settling in and meeting people and deciding the decor for your office. Nor is it about starting up a bunch of cool pet projects for the CEO. Your focus should be on three main things: -- Set the vision and goals for your team. Begin communicating your vision almost immediately. Start with broad strokes, focusing first on the cultural aspects--for example, our No. 1 job will be quality and service availability, or we will become the best X platform in the industry, or we will be efficient and easy for customers to use. If you're starting a new role, you should be sorting out your vision even before you start. Then, as you gain more knowledge about corporate initiatives and priorities, fill around your vision with clear goals. Make sure your vision pays heed to the meat and potatoes of the company's primary value chain. I find it useful to sort aspirations from the main thrust of the company. Usually, the corporate vision can be easily cascaded to your vision, but ensure that aspirational elements (such as product innovation in a company that's been successful based on great customer service or operational efficiency) aren't front and center. When I first started as CIO at an online brokerage company, the business aspirational talk was about how could we deliver the latest cool stock research tool. But given pressing availability issues, we focused instead on reliability and making our Web interface fast and simple. This work catalyzed with our corporate brand of being easy to use and trustworthy. The end result was hundreds of thousands of new customers, and fast and simple became the main thrust of our corporate marketing campaign. Keep your vision simple and direct. Then, as you learn more, work with your team to develop clear goals and progress metrics that drive to your vision. -- Connect with all the stakeholders of IT--your customers, peers, boss, and team. Obviously, you'll meet early and often with your direct reports and their managers. Listen first, but also communicate your vision and key operating principles. If you make commitments in these early meetings, you must absolutely meet them. Your reputation is on the line. Spend plenty of time connecting with your boss and key peers. Make sure you understand fully what's needed and expected. Use these sessions to sound out the company vision, goals, plans, and initiatives. And if these executives mention that you ought to look into something, it's not a hint--put it at the top of your priority list.   <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"> <div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"> <a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a> <div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div> Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy. </div> </div>   Meet with your team, all of your staff. Visit them onsite. Don't just talk to them; set up forums that encourage questions and discussion. But don't forget to succinctly communicate your vision and key expectations. Meet with your customers--and listen to them. What are the underlying issues troubling them? Follow up these sessions with time to discuss and set joint expectations and goals. I've often found that the biggest issue colleagues and users have with IT is <a href="http://www.informationweek.com/news/global-cio/interviews/231600586">a lack of responsiveness</a>. And if you don't take the time to listen and then follow up on your commitments to them, you won't establish strong relationships with them. When I started at a large company several years ago, I was warned about the acrimonious relationship IT had with a very powerful business leader. After meeting with him and listening, we were able to sort out the small but persistent issues that had poisoned the waters for years. Subsequently, he became one of IT's staunchest advocates. -- Use these connection sessions to define both near-term actions and longer-term goals that delineate your vision. Write up your findings, reach out to some of your peers for further review and refinement, and validate them with your boss. Have the senior members of your team assist in crafting further details. In addition to connecting to understand the landscape, you must also inspect--make sure that the fundamentals are in place, the big things are getting done, and you have a full view of the major risks and threats. I recommend the following regimen: -- Review the top three to five initiatives. -- Review the key production practices (change, incident). -- Review the key business systems and understand upcoming releases, costs, security and quality practices, and outstanding issues. -- Tour the command center and data center. -- Walk through the project methodology and several small to midsize projects. -- Check out how new employees get technology--is it effective? -- Go to a branch or retail store. Visit a call center. See how the business is using your technology and learn their view of it. -- Walk through a new account opening or product introduction process. This is often where there's sand in the gears. In each of these reviews, include people who report directly to those at the line level doing the work. Have an open review session with this mixed group in order to get unfiltered information. Use this clearer view to identify the additional obstacles or needs that must be addressed to meet the vision and goals you have set out. Just as important, use this data to identify what to stop doing. Which reports aren't needed? Which processes can be streamlined? Which IT hobbies should be stopped? How many labs does your team have or how many third-party fishing expeditions are being funded that don't address core business goals and issues? Part of being a great IT leader is discerning what should not be done. Don't just add to people's workloads. As you're wrapping up your reviews, turn your attention to IT and risk governance. By now, you should have a clear perspective on where the problem areas are and where processes must be streamlined. Adjust IT governance with an eye toward ensuring problem areas (especially those associated with endemic quality issues) have ongoing oversight. And streamline the governance to match updated processes. Finally, review all governance for clear accountability. Spend time observing your team and identifying weaknesses. While you can understand that everyone will have an excuse for why some problems weren't addressed previously, you will need to ascertain if they were really hamstrung or are just not effective leaders. Be careful about doing a <a href="http://www.informationweek.com/news/galleries/global-cio/interviews/231900852">wholesale replacement</a> or just bringing in people who were loyal to you before. An outstanding leader is someone who can build another world-class team with a new set of team members. One of the greatest coaches in NFL history, Joe Gibbs, won the Super Bowl three times with three different quarterbacks. Begin to address personnel weaknesses either by coaching and developing those people, or by bring in new or supplementary talent. This process will carry on after the first 90 days--you're never done here--but you need to get off to a good start. So define a clear vision, get connected, and inspect. And you will be off to a great start in your new role or for the rest of 2012. Jim Ditmore, the former CIO of Barclays Global Retail Bank, has worked in IT for more than 25 years and as a CIO or CTO for the last 15 years. You can read more about Jim's views on IT at <a href="http://www.recipeforit.com/">Recipes for IT</a>. Nominate your company for the 2012 InformationWeek 500--our 24rd annual ranking of the nation's very best business technology innovators. Deadline is April 27. Organizations with $250 million or more in revenue may apply for the <a href="http://informationweek.2012IW500pre-registration.sgizmo.com?iwid=pl <http://informationweek.2012iw500pre-registration.sgizmo.com/?iwid=pl> ">2012 InformationWeek 500</a> now.