AARP CIO Talks Transformation, Leadership

Acting CIO Amy Doherty tells us about her strategies for motivating employees, IT transformation, and changing the security culture at AARP.

Kelly Sheridan, Staff Editor, Dark Reading

June 17, 2015

7 Min Read
<p align="left">(Image: AARP)</p>

Big Data Talent: 6 Ways To Snag The Best

Big Data Talent: 6 Ways To Snag The Best

Big Data Talent: 6 Ways To Snag The Best (Click image for larger view and slideshow.)

Amy Doherty recently stepped into her role as acting CIO of AARP, but her new gig comes after years of preparation. Before her appointment, she served as AARP's VP of customer service and solution delivery, the latest in a series of IT positions in financial services and real estate.

AARP Inc., formerly known as the American Association of Retired Persons, is a non-profit organization that helps nearly 38 million members achieve their goals and navigate issues concerning retirement planning, healthcare, and employment security. Its workforce is about 2,200 strong, with an IT department of 143 employees.

When Doherty joined the non-profit three and a half years ago, she was solely focused on a new ERP project. Since then, she has taken on greater responsibility to bridge the gap between business and IT through architecture, business analysis, IT solutions, and project delivery.

In March 2015, AARP underwent an organizational realignment that resulted in an executive shake-up. Then-CIO Terry Bradwell was subsequently named Interim Chief Enterprise Strategy & Innovation Officer, and Amy was chosen to fill the CIO role. She now reports to COO Scott Frisch.

[ Learn to stop worrying and love Artificial Intelligence. Read:  AI Creates Jobs: Study ]

In an interview with InformationWeek, Doherty explained her goals as CIO: increasing agility, improving IT's ability to execute, and boosting stability, efficiency, and resiliency throughout the organization. These goals may sound familiar to many CIOs, but Doherty has a unique perspective on leadership honed through her years of management experience.

A New Leader

Doherty admitted she does not draw leadership inspiration from the managers she has had over the years. In fact, she does the opposite. In her experience, she said, these bosses have taught her "what not to do" from a management perspective.

After working for people who stayed cooped-up in their offices all day, or managed up to the detriment of managing down or managing across, Doherty works to ensure that all employees know they are appreciated.

"I try to reward earnest effort and risks taken, even if it has resulted in failure," she said, though she's careful to discern which letdowns involved hard work, and which were careless errors.

"Recklessness, repeated mistakes, missing obvious warning signs [are] not okay," she said. "But there is room for testing and learning in a business environment. Otherwise, innovation is stifled."

A leader's refusal to engage with employees ultimately causes workers to become disengaged. They are discouraged, their loyalty ebbs, they no longer want to go the extra mile. "They lose passion for the mission because the leader isn't engaged," Doherty said. "I want to avoid that at all costs."

As VP, Doherty started staff meetings with a roundtable chat about employees' lives outside of work. She served as an informal mentor to IT staff, providing advice on topics ranging from office attire to career development. Her team and direct reports pass around a trophy to acknowledge exceptional collaboration, an initiative she started.

Figure 2: (Image: AARP)

(Image: AARP)

Now her team is reworking its engagement plan as Doherty strives to balance new CIO responsibilities without sacrificing face time. During "Lunches with Amy," she eats with a randomly selected small group of employees so she can learn their wants and needs. Last week, the team held a food drive and built sculptures with donated items, another project that built camaraderie.

"It was hysterical," she recalled. "Some groups dressed alike and had team names -- Soup-A-Stars, The Cereal Killers. Some brought themed music, one team made the Lincoln Memorial out of cans and dressed up a member as Abe Lincoln."

Doherty coordinates with VPs to learn which IT employees are going above and beyond so she can mail thank-you cards to their homes, in recognition that hard work often interferes with family time. On their birthdays, team members receive handmade cards.

"A good leader is a 360-degree leader," she said. "Your success is based on the folks that work with you."

Next Page: Executing An IT Revamp


Executing An IT Revamp

Doherty's managerial skills and experience have been put to the test in the ongoing IT transformation at AARP. "We turned the department on its ear," she said of the customer-first initiative that began about 18 months ago.

The goal is to "increase collaboration, standardize our approach, and provide consistency of service back to the business," Doherty explained.

AARP'S transformation started with a managerial shake-up that moved many roles from the "back office" of IT to customer-facing positions. Functions including help desk, videoconferencing support, and MDM were moved to the Customer Service & Solution Delivery department. AARP also began to outsource roles in Tier 2/3 application support, data center operations, and network operations.

For each transformative effort, there is a corresponding road map that extends through 2016. Doherty described how multiyear tracks were created to measure progress in forming new project management offices, vendor management offices, IT training and development plans, and processes for improving efficiency throughout the department.

A new division called Workforce Productivity was created with the goal of making AARP employees more effective, regardless of their location, through mobility solutions, business-process improvements, desktop solutions, unified communications, and usability enhancements. The department was staffed with a director of workforce productivity, solution architect, continuous improvement advisors, and delivery executives.

[ Need more from your tablet? Read: iOS 9 Gives iPad A Serious Productivity Boost ]

Now, AARP is "running IT like a business," said Doherty. IT is front-facing, everything is shared, and app support is centralized. The organization has also started to educate IT employees to help them better understand the business, its mission, and how their work fits in with business goals.

Although the roadmap only extends to 2016, Doherty admitted the transformation end date is flexible. "We don't know if other processes will pop up," she said. "At some point, it'll become a continuous improvement; now it's still formal process."

As a formal effort, the transformation currently involves several project teams, weekly meetings, a published status report, track leads, and a program manager. When it starts to wind down, continuous improvement will become the priority, but it's unclear what strategy will take hold. Drawing from previous experience, she suggested ideas will be solicited from the team and choosen based on which would work best for the organization.

"The big opportunity is always how to keep the spirit of innovation and improvement alive and well, when we all have so many things on our plates," Doherty said. She added that she's excited about opportunities for broader employee engagement if the program is managed well.  

Next Page: Tightening Security


Tightening Security

Doherty's interactive leadership strategy is evident in her approach to changing the internal security culture at AARP from complacency to high alert.

AARP, which doesn't store sensitive information such as social security numbers or credit card data, has more of a reputational than regulatory risk in the face of data breaches. Its reputation is critical to its brand, and it doesn't want members to have to learn that their address or email was made available to a bad actor. There is "a sacred trust" between the AARP and its senior clients, said Doherty.

Figure 1: (Image: AARP)

(Image: AARP)

Over the next year, Doherty plans to implement projects to spark awareness and educate employees on how protecting members starts with simple steps. A complex password, for example, could be the thing that protects an elderly woman from identity theft.

While communication is a key component in educating employees about security, it's not the only method. AARP also holds events such as its information security day, during which security staff are on hand to answer questions and give demonstrations. Employees must also undergo mandatory security training.

In a more hands-on approach to security awareness, Doherty described how fake phishing emails were sent to test employees from the executive level and down. Activity was monitored to see which employees took the bait. Those who clicked the links were sent to an educational website that explained common signs of phishing and how to avoid attacks in the future.

This interactive approach applies to anything conveyed to staff, Doherty said. Rather than solely relying on internal communications, other methods are used to educate and inform employees.

About the Author(s)

Kelly Sheridan

Staff Editor, Dark Reading

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights