Strategic CIO // Executive Insights & Innovation
Commentary
4/30/2014
02:00 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
100%
0%

5-Step Plan For New Target CIO

Target's new CIO, Bob DeRodes, faces tough challenges as he upgrades information security processes. Here's my armchair quarterback advice.

DeRodes will do himself and Target a favor if he presents periodic reports on progress; doing so will help to rebuild Target's IT credibility. And these types of reports also help with internal morale, which must be low. More on that in a moment.

Step 3: Don't get in the way.
It's likely that everyone in the Target IT organization has been wearing a scarlet breach "B" on their collective chests, ashamed of the breach and the financial and PR consequences. Those who have stuck around are working their keisters off to make things better.

My guess is that 80% or more of the activities already happening (see point No. 2) are exactly what Target needs. The worst thing DeRodes could do in this situation would be to jump in and further demoralize staffers by throwing out their plans because he wants to put his own stamp on things.

DeRodes won't. He's too experienced to make that mistake. He'll intervene when he sees a clear need to do so. Otherwise, he'll mostly keep out of the way after he assesses and tweaks the plan.

Step 4: Assess and address staffing.
The most important thing a CIO does is attract and retain the right talent -- and encourage the wrong talent to go elsewhere. DeRodes will do one-on-one interviews with a handful of key staffers, and he'll assess the rest of the team by proxy, by reviewing them with his managers. He may also use a sampling strategy, where he compares what one of his managers says about a staffer with what his own interview and assessment tells him. My guess is that he won't sample very much unless he starts worrying about the competence or leadership abilities of his management team.

The worst thing for Target, given how demoralized key staffers are, would be to let experienced, talented IT people walk out the door. Retaining the right people will be hugely important.

DeRodes will also assess whether staffing levels are adequate. Security tasks sometimes don't get done when folks are insanely busy. My guess is that Target will overcompensate for security for the foreseeable future.

Step 5: Build a new IT culture.
When the CEO states publicly that he hired you for your "history of leading transformational change," you'd better get cracking. Significant change always requires a reboot of the organizational culture. DeRodes won't start doing that until the basics are in order: current security plan being followed, chip-and-PIN project on track, staff assessment completed, etc. But it will loom large on his agenda.

Anybody can come in and implement projects. But creating lasting change will require a lot more effort. It's not a cookie-cutter project. DeRodes must take what he learns from Steinhafel, from his staff assessment, and from his peers and put together an almost forensic reconstruction of what went wrong and how a change in basic work values could have made a difference. This assessment is an important step toward creating guiding principles that both jibe with Target's overall values and steer employees to do the right things, even when there's no explicit policy to guide them.

For example, DeRodes will be digging into why Target's security team ignored data breach alarms. Yes, the technical reasons are that Target, not unlike many organizations, chose to take manual, not automated, action, likely because of fear of false positives shutting down important business processes. But was there also a culture of "mother-may-I?" going on? Were individual security analysts empowered to take swift action, or did they have to embark on a chain-of-command journey to do anything? When you have the correct core values in place (as opposed to needing a specific policy for every contingency), employees take action.

This is arguably the hardest but most important part of creating lasting change. DeRodes has his work cut out for him.

Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and we offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators. Read our InformationWeek Elite 100 issue today.

Jonathan Feldman is Chief Information Officer for the City of Asheville, North Carolina, where his business background and work as an InformationWeek columnist have helped him to innovate in government through better practices in business technology, process, and human ... View Full Bio

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
4/30/2014 | 2:43:04 PM
Expensive, Massive, Doomed
Security as practicied by large companies today looks way too much like a massively multilevel game of whack-a-mole. So many regs, so many segments, so many stupid end users er, inside threats. There's no way around it, but how sustainable is it? The costs have to be passed along to consumers. At what point do we just surrender and all just get credit cards that expire every month?
RobPreston
50%
50%
RobPreston,
User Rank: Author
4/30/2014 | 3:09:29 PM
Blow Your Own Horn
I like Jonathan's emphasis on "visibly" delivering on what the Target CEO and shareholders want. CIOs in all industries need to blow their organizations' horns more -- get better at communications and PR. Critical in this day and age.

 
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Author
4/30/2014 | 5:58:14 PM
Re: Blow Your Own Horn
The big chip-and-pin payment terminal plan illustrates the opportunity -- now is the time to go big on initiatives that wouldn't have been possible before the breach. Think anyone ever thought about those kind of payment terminals before? Such security steps face the "do we have to?" and "why now?" questions. Now security will take center stage -- for a bit.
Craig Carpenter, AccessData
100%
0%
Craig Carpenter, AccessData,
User Rank: Apprentice
4/30/2014 | 6:15:30 PM
Advice from the Front Lines
Excellent story Jonathan, the front lines are always the best place from which advice should come.  If I were Bob De Rodes, I would be listening!
shakeeb
50%
50%
shakeeb,
User Rank: Black Belt
4/30/2014 | 9:16:04 PM
Re: Advice from the Front Lines
I agree with you. It is always important to listen since it gives more space for good decision making.
shakeeb
50%
50%
shakeeb,
User Rank: Black Belt
4/30/2014 | 9:19:24 PM
Re: Advice from the Front Lines
The most important factor that took my attention was "Assess and address staffing". Retaining the good talents has become a challenge age for the CIO, hence he has to focus on it very much.
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.